TMS zl Management and Configuration Guide ST.1.1.100430

Virtual Private Networks
Configure an IPsec Client-to-Site VPN
Exact steps for configuring these policies are given below:

1. In the left navigation bar of the Web browser interface, click Firewall > Access Policies > Unicast.
2. Click Add a Policy.
3. Allow IKE messages from the remote endpoints.
   a. For Action, leave the default Permit Traffic.
   b. For From, select the remote zone.
   c. For To, select Self.
   d. For Service, select isakmp.
   e. For Source, accept the default, Any Address.
      If you know the public addresses of all of your remote endpoints (indicated by 3 in the example figure) and have created a named object with those addresses, you can specify that object here. However, allowing any IP address is the easiest way to set up the VPN. IKE will provide authentication, ensuring that only the correct endpoints can connect.
   f. For Destination, specify the TMS zl Module local VPN gateway address (indicated by 1 in the example figure).

| When Required | User Group | From Zone | To Zone | Service | Source | Destination | TCP MSS | Number of policies |
|---|---|---|---|---|---|---|---|---|
| No IKE mode config | XAUTH user groups or None | Remote | SELF | Any you choose | 3 | 2 | 1356 | As many as you choose |
| No IKE mode config; local endpoints initiate sessions with remote | None (or local user groups) | Local | Remote | Any you choose | 2 | 3 | 1356 | As many as you choose |
| When NAT-T is used | None | Remote | SELF | NAT-T (ipsec-nat-t-udp) | 3 or Any | 1 | — | 1 |
| When NAT-T is used | None | SELF | Remote | NAT-T (ipsec-nat-t-udp) | 1 | 3 or Any |  | 1 |
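
The following Python sketch is an added example, not part of the guide or of the TMS zl software: it checks that a planned policy set permits the IKE and NAT-T control flows described in step 3 and the table. The Policy model, the first-match and implicit-deny evaluation, the zone name "Remote" standing in for the remote zone, and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Service object names come from the table above. By the standard port
# assignments, isakmp is UDP 500 and ipsec-nat-t-udp is UDP 4500.

@dataclass(frozen=True)
class Policy:                      # hypothetical model of one unicast access policy
    action: str                    # "permit" or "deny"
    from_zone: str
    to_zone: str
    service: str
    source: str = "any"            # "any" or a CIDR string
    destination: str = "any"

def _addr_match(spec, addr):
    """True when addr falls inside spec ('any' matches everything)."""
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)

def decide(policies, from_zone, to_zone, service, src, dst):
    """Assumed semantics: first matching policy wins, no match means deny."""
    for p in policies:
        if ((p.from_zone, p.to_zone, p.service) == (from_zone, to_zone, service)
                and _addr_match(p.source, src)
                and _addr_match(p.destination, dst)):
            return p.action
    return "deny"

def missing_vpn_flows(policies, gateway, remote, nat_t=True):
    """Return the required control flows that the policy set does not permit."""
    required = [("Remote", "Self", "isakmp", remote, gateway)]
    if nat_t:
        required += [
            ("Remote", "Self", "ipsec-nat-t-udp", remote, gateway),
            ("Self", "Remote", "ipsec-nat-t-udp", gateway, remote),
        ]
    return [flow for flow in required if decide(policies, *flow) != "permit"]

# Constructed sample: documentation-range addresses, outbound NAT-T policy omitted.
GATEWAY, REMOTE = "203.0.113.1", "198.51.100.25"
SAMPLE = [
    Policy("permit", "Remote", "Self", "isakmp", "any", "203.0.113.1/32"),
    Policy("permit", "Remote", "Self", "ipsec-nat-t-udp", "any", "203.0.113.1/32"),
]

if __name__ == "__main__":
    for flow in missing_vpn_flows(SAMPLE, GATEWAY, REMOTE):
        print("missing permit:", flow)
```

Running it against the sample reports the Self-to-Remote NAT-T policy as missing, which corresponds to the last row of the table.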