TMS zl Management and Configuration Guide ST.1.1.100226

Virtual Private Networks
Configure a GRE over IPsec VPN with IKE
5. Create an IKEv1 policy.
See “Create an IKE Policy for a GRE over IPsec VPN” on page 7-221.
6. Install certificates for IKE (optional).
See “Install Certificates for IKE” on page 7-229.
7. Create an IPsec proposal.
The mode is typically transport mode because the TMS zl Module
generates the GRE packets, but you can also use tunnel mode. You can
configure other settings as you choose, making sure to match them on the
remote tunnel endpoint.
If you have an appropriate proposal, you can use the existing proposal.
See “Create an IPsec Proposal” on page 7-244 to learn how to create a new
proposal.
8. Create an IPsec policy.
See “Create an IPsec Policy for a GRE over IPsec VPN That Uses IKE” on
page 7-247.
9. Configure firewall access policies to allow the traffic.
See “Create Access Policies for a GRE over IPsec VPN That Uses IKE” on
page 7-256.
10. Configure global IPsec settings (optional).
See “Configure Global IPsec Settings” on page 7-349.
11. Configure the remote GRE over IPsec gateway with compatible settings.
See your gateway device’s configuration guide for instructions.
Create Named Objects (Optional)
You might want to configure the named objects indicated in Table 7-23.
For your reference, this table includes the location where you would specify
these named objects. However, configuration instructions will indicate when
you actually need to specify each object. The table also includes a reference
to numbers in Figure 7-171, which illustrates an example implementation of
GRE tunneling. The number indicates the IP address for that named object in
the example network.
See “Named Objects” in Chapter 4: “Firewall” for step-by-step instructions for
configuring objects.