TMS zl Management and Configuration Guide ST.1.1.100430
Virtual Private Networks
Contents
Configure an IPsec Client-to-Site VPN
    Create an IKE Policy for a Client-to-Site VPN
    Install Certificates for IKE
        Install Certificates Manually
        Install Certificates Using SCEP
    Create Named Objects for the VPN (Optional)
    Create an IPsec Proposal
    Create an IPsec Policy for a Client-to-Site VPN
    Create Access Policies for an IPsec Client-to-Site VPN
    Verify Routes for the IPsec Client-to-Site VPN
Configure an IPsec Site-to-Site VPN with IKE
    Create Named Objects for the VPN (Optional)
    Create an IKE Policy for a Site-to-Site IPsec VPN
    Install Certificates for IKE
        Install Certificates Manually
        Install Certificates Using SCEP
    Create an IPsec Proposal
    Create an IPsec Policy for a Site-to-Site VPN that Uses IKE
    Create Access Policies for an IPsec Site-to-Site VPN that Uses IKE
    Verify Routes for an IPsec Site-to-Site VPN
Configure an IPsec Site-to-Site VPN with Manual Keying
    Create Named Objects for the VPN (Optional)
    Create an IPsec Proposal
    Create an IPsec Policy That Uses Manual Keying
    Create Access Policies for an IPsec Site-to-Site VPN with Manual Keying
    Verify Routes for an IPsec Site-to-Site VPN
Layer 2 Tunneling Protocol (L2TP) over IPsec Concepts
Configure an L2TP over IPsec VPN
    Create Named Objects for the VPN (Optional)
    Create an IKE Policy for an L2TP over IPsec VPN
    Create an IPsec Proposal for an L2TP over IPsec VPN
    Create an IPsec Policy for an L2TP over IPsec VPN