TMS zl Management and Configuration Guide ST.1.1.100430
7-124
Virtual Private Networks
Configure an IPsec Site-to-Site VPN with Manual Keying
See “Named Objects” in Chapter 4: “Firewall” for step-by-step instructions for
configuring objects.
Table 7-11. Possible Named Objects for an IPsec Site-to-Site VPN with Manual Keying

| Figure Reference | Named Object Type | Named Object Description | Location Where the Named Object is Specified |
|---|---|---|---|
| 2 | Single-entry IP, range, or network address objects | The IP addresses of local endpoints that are allowed to send traffic over the VPN | Local Address in the IPsec policy traffic selector; Source or Destination for firewall access policies that permit traffic sent across the VPN |
| 4 | Single-entry or multiple-entry IP, range, or network address objects | The IP addresses of endpoints behind the remote VPN gateway | Remote Address in the IPsec policy traffic selector; Source or Destination for firewall access policies that permit traffic sent across the VPN |

Figure 7-104. Example IPsec Site-to-Site VPN

Create an IPsec Proposal
Each IPsec proposal specifies the following:
■ IPsec mode (tunnel or transport)
■ IPsec security protocol:
• AH and a single authentication algorithm
• ESP, a single authentication algorithm, and a single encryption algorithm