TMS zl Management and Configuration Guide ST.1.1.100226
7-265
Virtual Private Networks
Configure a GRE over IPsec VPN with Manual Keying
You must complete these tasks to configure GRE over IPsec with manual
keying:
1. Optionally, create named objects, which you can use in VPN and firewall
access policies related to the GRE tunnel.
Using named objects is best practice; however, you can specify IP
addresses manually. See “Create Named Objects (Optional)” on page
7-266.
2. Create a GRE tunnel for the traffic that you want to secure with GRE over
IPsec.
See “Create a GRE Tunnel” on page 7-267.
3. Verify that there is a route to the remote tunnel gateway.
See “Verify that a Route to the Remote Tunnel Gateway Exists” on page
7-271.
4. Create routes through the GRE tunnel interface.
See “Configure Routes that Use the GRE Tunnel Interface” on page 7-272.
5. Create an IPsec proposal.
The mode is typically transport mode because the TMS zl Module
generates the GRE packets, but you can also use tunnel mode. You can
configure other settings as you choose, making sure to match them on the
remote tunnel endpoint.
See “Create an IPsec Proposal” on page 7-279.
If an appropriate proposal already exists, you can use it instead of
creating a new one.
6. Create an IPsec policy that uses manual keying.
See “Create an IPsec Policy for a GRE over IPsec VPN That Uses Manual
Keying” on page 7-281.
7. Configure firewall access policies to allow the traffic.
See “Create Access Policies for a GRE over IPsec VPN That Uses Manual
Keying” on page 7-290.
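
The seven steps above, sketched as an added example for a Linux peer using iproute2 and iptables (these are not TMS zl commands and are not taken from this guide): the script prints, for one endpoint, the GRE tunnel, the transport-mode ESP SAs with manual keys and GRE-only selectors, the routes, and the firewall rules. The interface name gre1, the addresses, SPIs, key variable names and the AES-128-CBC with HMAC-SHA-256 choice are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: Linux iproute2/iptables analog of the steps, NOT TMS zl syntax.
# Dry run: prints the commands for one endpoint; review, then run them as root.
# Manual keys are read from the environment (constructed variable names):
#   ENC_OUT, ENC_IN   32 hex chars each (AES-128-CBC)
#   AUTH_OUT, AUTH_IN 64 hex chars each (HMAC-SHA-256)

is_hex() {  # is_hex VALUE LENGTH
    [ "${#1}" -eq "$2" ] || return 1
    case $1 in *[!0-9a-fA-F]*) return 1 ;; esac
}

esp_sa() {  # esp_sa SRC DST SPI ENC_KEY AUTH_KEY DIR  (steps 5 and 6)
    # Transport mode: the endpoint itself originates the GRE packets.
    echo "ip xfrm state add src $1 dst $2 proto esp spi $3 mode transport" \
         "enc 'cbc(aes)' 0x$4 auth-trunc 'hmac(sha256)' 0x$5 128" \
         "sel src $1 dst $2 proto gre"
    echo "ip xfrm policy add src $1 dst $2 proto gre dir $6" \
         "tmpl src $1 dst $2 proto esp mode transport"
}

gre_ipsec_plan() {  # gre_ipsec_plan LOCAL REMOTE SPI_OUT SPI_IN TUN_ADDR REMOTE_NET
    if ! { is_hex "$ENC_OUT" 32 && is_hex "$ENC_IN" 32 &&
           is_hex "$AUTH_OUT" 64 && is_hex "$AUTH_IN" 64; }; then
        echo "keys must be hex of the expected length" >&2; return 1
    fi
    if [ "$(($3))" -lt 256 ] || [ "$(($4))" -lt 256 ]; then
        echo "SPI values 0-255 are reserved" >&2; return 1
    fi
    echo "ip tunnel add gre1 mode gre local $1 remote $2 ttl 64"   # step 2
    echo "ip route get $2"                                          # step 3
    esp_sa "$1" "$2" "$3" "$ENC_OUT" "$AUTH_OUT" out
    esp_sa "$2" "$1" "$4" "$ENC_IN" "$AUTH_IN" in
    # Bring the tunnel up only after the SAs exist, so GRE never leaves in clear.
    echo "ip link set gre1 up"
    echo "ip addr add $5 dev gre1"
    echo "ip route add $6 dev gre1"                                 # step 4
    # Step 7: allow ESP, and accept GRE only if it arrived inside IPsec.
    echo "iptables -A INPUT -s $2 -d $1 -p esp -j ACCEPT"
    echo "iptables -A INPUT -s $2 -d $1 -p gre -m policy --dir in --pol ipsec -j ACCEPT"
}

# Constructed sample call (documentation address ranges, keys set in the environment).
# The remote endpoint uses the same values with LOCAL/REMOTE, SPIs and OUT/IN keys swapped.
# gre_ipsec_plan 192.0.2.1 198.51.100.1 0x1001 0x1002 10.255.0.1/30 10.20.0.0/16
```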