TMS zl Management and Configuration Guide ST.1.1.100430
7-28
Virtual Private Networks
Configure an IPsec Client-to-Site VPN
To configure an IPsec client-to-site VPN, you must complete these tasks:
1. Create an IKE policy.
See “Create an IKE Policy for a Client-to-Site VPN” on page 7-29.
2. If you are using certificates, install the correct certificates on the TMS zl Module.
Do not complete this step if your IKE policy specifies preshared key authentication.
See “Install Certificates for IKE” on page 7-37.
3. Optionally, create named objects, which you can use in IPsec policies as well as corresponding firewall access policies.
Using named objects is best practice; however, you can specify IP addresses manually.
See “Create Named Objects for the VPN (Optional)” on page 7-52.
4. Create an IPsec proposal.
See “Create an IPsec Proposal” on page 7-53.
5. Create an IPsec policy.
See “Create an IPsec Policy for a Client-to-Site VPN” on page 7-56.
6. Create necessary firewall access policies.
See “Create Access Policies for an IPsec Client-to-Site VPN” on page 7-68.
7. Create static routes to the remote endpoints, if necessary.
See “Verify Routes for the IPsec Client-to-Site VPN” on page 7-75.
8. Configure global IPsec settings (optional).
See “Configure Global IPsec Settings” on page 7-348.
9. Configure the clients with compatible settings.
For your reference, this chapter gives configuration guidelines for two types of clients. See:
• “Configure an HP ProCurve VPN Client” on page 7-365
• “Configure IPSecuritas (Macintosh VPN Client)” on page 7-377