TMS zl Management and Configuration Guide ST.1.1.100430

7-61
Virtual Private Networks
Configure an IPsec Client-to-Site VPN
Caution: Take great care when specifying Any. You might inadvertently block necessary
traffic. For example, if you select a local subnet for the local addresses, Any
for the protocol, and Any for the remote addresses, the TMS zl Module will no
longer allow endpoints on the local subnet to send any traffic except to remote
VPN clients. You might need to create Bypass policies. See “Configure Bypass
and Deny IPsec Policies” on page 7-351.
e. For Remote Port, type a specific port number or leave the box empty
(which allows traffic to all ports). Typically, you should leave the box
empty.
f. If you selected ICMP for the protocol, for ICMP Type, leave Any.
Selecting a specific ICMP type requires you to use manual keying,
which is not typically an option for client-to-site VPNs.
9. For Proposal, select a previously configured IPsec proposal.
The IPsec proposal specifies the IPsec mode, IPsec protocol, and the
authentication and encryption algorithms that secure the VPN connection.
See “Create an IPsec Proposal” on page 7-53.
10. Click Next.
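
The Caution above, worked through as an added example (not part of the guide or of the TMS zl software): a small Python model of traffic-selector matching. It shows why a policy with a local subnet, Any protocol, and Any remote addresses blocks local traffic to everything except VPN clients, and how a Bypass policy or a narrower remote selector avoids that. First-match ordering, the addresses, and the policy names are assumptions made for the illustration.

```python
# Added illustration, not from the guide: a simplified model of how IPsec
# policy traffic selectors capture outbound packets from a local endpoint.
# Assumptions: policies are checked in list order and the first match wins;
# every address and policy name below is a constructed sample.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = None  # models choosing "Any" (or leaving Remote Port empty)

@dataclass
class Policy:
    name: str
    action: str                    # "apply" (protect with IPsec) or "bypass"
    local: str                     # local addresses, CIDR
    remote: Optional[str] = ANY    # remote addresses, CIDR or ANY
    protocol: Optional[str] = ANY  # "tcp", "udp", "icmp" or ANY
    remote_port: Optional[int] = ANY

    def matches(self, src, dst, proto, dport):
        return (ip_address(src) in ip_network(self.local)
                and (self.remote is ANY or ip_address(dst) in ip_network(self.remote))
                and (self.protocol is ANY or self.protocol == proto)
                and (self.remote_port is ANY or self.remote_port == dport))

def verdict(policies, vpn_clients, src, dst, proto, dport):
    """Return 'vpn', 'blocked', 'bypass' or 'no-match' for one packet."""
    for p in policies:
        if not p.matches(src, dst, proto, dport):
            continue
        if p.action == "bypass":
            return "bypass"        # forwarded without IPsec
        # Selected for IPsec: deliverable only if a tunnel reaches dst.
        return "vpn" if ip_address(dst) in ip_network(vpn_clients) else "blocked"
    return "no-match"              # left to the ordinary firewall rules

VPN_CLIENTS = "10.1.99.0/24"       # constructed remote-client address pool
broad = Policy("ClientVPN", "apply", local="10.1.10.0/24")  # Any/Any
bypass = Policy("LanBypass", "bypass", local="10.1.10.0/24", remote="10.1.20.0/24")
narrow = Policy("ClientVPN", "apply", local="10.1.10.0/24", remote=VPN_CLIENTS)

if __name__ == "__main__":
    flows = [("10.1.10.5", "10.1.99.7", "tcp", 445),   # to a VPN client
             ("10.1.10.5", "10.1.20.9", "tcp", 443)]   # to another local subnet
    for label, rules in [("broad", [broad]), ("bypass+broad", [bypass, broad]),
                         ("narrow", [narrow])]:
        print(label, [verdict(rules, VPN_CLIENTS, *f) for f in flows])
```

With only the broad policy, the flow to the other local subnet comes back as blocked; placing the Bypass policy ahead of it, or limiting the remote addresses to the VPN client range, leaves that flow outside IPsec.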