TMS zl Management and Configuration Guide ST.1.1.100226
Virtual Private Networks
Configure an IPsec Client-to-Site VPN
Verify Routes for the IPsec Client-to-Site VPN
In the Network > Routing > View Routes window, verify that your TMS zl Module
knows a route or routes to the remote endpoints. These routes can be a default
route, static routes, or routes discovered through a dynamic routing protocol.
The routes’ forwarding interface must be the interface with the IP address that
you specified as the local gateway address in the IKE policy.
Also note that, when you set up IKE mode config, a route to irstXXX is
automatically added to the route table. This route is to the network that you
configured for IKE mode config in the IPsec policy. In this example, the IRAS
IP address and mask were configured as 10.1.100.1/24, so the network in the
route is 10.1.100.0/24 and the gateway is 10.1.100.1.
Figure 7-53. Network > Routing > View Routes Window
Figure 7-54 shows an IPsec client-to-site VPN in which the remote clients are
on the subnets 172.22.3.0/24 and 10.78.15.0/24. For this VPN, a default route
through 192.168.115.1 would work. However, to better illustrate the necessary
routes, the figure shows two specific routes: one to each remote subnet. For
both routes, the gateway is 192.168.115.1. Whether a default route or specific
routes are used for this example, the IKE policy for this VPN must specify
192.168.115.71 as the local gateway.
See Chapter 9: “Routing” for instructions on setting up routes.
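
The route check described in this section can also be run offline against an exported copy of the route table. The following Python sketch is an added example, not part of the guide or of the TMS zl software; the interface name vlan115, the /24 mask on 192.168.115.71, and the tuple layout of the route table are assumptions made for illustration.

```python
import ipaddress

# Constructed route table using the addresses from the example above.
# Each entry is (destination, gateway, forwarding interface).
ROUTES = [
    ("172.22.3.0/24", "192.168.115.1", "vlan115"),
    ("10.78.15.0/24", "192.168.115.1", "vlan115"),
]
# Hypothetical interface name and mask; the address is the local gateway.
INTERFACES = {"vlan115": "192.168.115.71/24"}


def best_route(routes, dest_net):
    """Longest-prefix match: the most specific route covering dest_net."""
    dest = ipaddress.ip_network(dest_net)
    covering = [r for r in routes if dest.subnet_of(ipaddress.ip_network(r[0]))]
    return max(covering, key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)


def check_vpn_routes(routes, interfaces, local_gateway, remote_nets):
    """Return a list of problems; an empty list means the routes are usable."""
    gw = ipaddress.ip_address(local_gateway)
    owner = next((name for name, addr in interfaces.items()
                  if ipaddress.ip_interface(addr).ip == gw), None)
    if owner is None:
        return [f"local gateway {local_gateway} is not on any interface"]
    problems = []
    for net in remote_nets:
        route = best_route(routes, net)
        if route is None:
            problems.append(f"no route to {net}")
        elif route[2] != owner:
            problems.append(f"route to {net} forwards via {route[2]}, not {owner}")
    return problems


def modecfg_route(iras_addr):
    """Network and gateway of the route added for IKE mode config."""
    iface = ipaddress.ip_interface(iras_addr)
    return str(iface.network), str(iface.ip)


if __name__ == "__main__":
    remote = ["172.22.3.0/24", "10.78.15.0/24"]
    print(check_vpn_routes(ROUTES, INTERFACES, "192.168.115.71", remote))
    print(modecfg_route("10.1.100.1/24"))
```

A single default route through 192.168.115.1 on the same interface passes the same check, because the longest-prefix match falls back to 0.0.0.0/0 when no specific route exists.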