TMS zl Management and Configuration Guide ST.1.1.100430

7-129
Virtual Private Networks
Configure an IPsec Site-to-Site VPN with Manual Keying
A built-in default IPsec policy matches all traffic and keeps it out of the VPN
engine, so no traffic is encrypted unless a policy that you configure matches it
first; therefore, every IPsec policy that you configure must have a higher
priority than this default policy.
Next, you configure the VPN traffic selector, which determines which traffic
the policy selects. For example, the selector might specify all IP traffic
between 192.168.2.0/24 (a local network) and 192.168.3.0/24 (a remote
network). For a policy with the Apply action, the selected traffic is the traffic
that is sent and received (and secured) on the IPsec SA.
Note If your traffic selector will include management traffic, you must configure a
Bypass policy with top priority that selects the management traffic, or you will
be locked out of the Web browser interface. If you do lock yourself out, reboot
the module, but DO NOT SAVE the configuration, so that the module comes back
up with the previously saved configuration.
See “Configure Bypass and Deny IPsec Policies” on page 7-351.
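The following Python model, added here as an illustration and not code from the guide or from the TMS zl module, shows why the priority rules above matter: policies are evaluated in priority order, the first selector that matches wins, and the default policy (lowest priority, Bypass) catches everything else. The module's management address (192.168.2.1), the remote administrator (192.168.3.10), the port numbers and the rule that a smaller priority number is evaluated first are all assumptions made for the example; check the module's own convention for priority ordering before relying on it. Selectors are treated as bidirectional, matching "all IP traffic between" two networks as the text describes.

```python
"""Constructed model of priority-ordered IPsec policy evaluation (example only)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Selector:
    """'All IP traffic between net_a and net_b', optionally narrowed to one
    protocol and one TCP/UDP port. Matching is bidirectional, so a selector
    covers both the request and the reply of a session."""
    net_a: str
    net_b: str
    proto: str = "any"          # "any", "tcp", "udp" or "icmp"
    port: Optional[int] = None  # matched against either the source or destination port

    def matches(self, pkt: dict) -> bool:
        if self.proto != "any" and pkt["proto"] != self.proto:
            return False
        if self.port is not None and self.port not in (pkt.get("sport"), pkt.get("dport")):
            return False
        a, b = ipaddress.ip_network(self.net_a), ipaddress.ip_network(self.net_b)
        src, dst = ipaddress.ip_address(pkt["src"]), ipaddress.ip_address(pkt["dst"])
        return (src in a and dst in b) or (src in b and dst in a)


@dataclass(frozen=True)
class Policy:
    name: str
    priority: int     # assumption for this model: a smaller number is evaluated first
    action: str       # "apply" (protect on the IPsec SA), "bypass" (send in clear) or "deny"
    selector: Selector


# The default policy described in the guide: matches everything, lowest
# possible priority, and never sends traffic to the VPN engine.
DEFAULT_POLICY = Policy("default", 2**31 - 1, "bypass",
                        Selector("0.0.0.0/0", "0.0.0.0/0"))


def lookup(pkt: dict, policies) -> tuple:
    """Return (policy name, action) of the first matching policy in priority order."""
    for pol in sorted(list(policies) + [DEFAULT_POLICY], key=lambda p: p.priority):
        if pol.selector.matches(pkt):
            return pol.name, pol.action
    raise AssertionError("unreachable: the default policy matches all traffic")


def all_above_default(policies) -> bool:
    """Check the guide's rule: every configured policy outranks the default one."""
    return all(p.priority < DEFAULT_POLICY.priority for p in policies)


def management_reachable(policies, admin_ip: str, mgmt_ip: str, port: int = 443) -> bool:
    """True when an HTTPS session from admin_ip to the module's management
    address is bypassed (served by the Web interface) rather than pushed
    onto an IPsec SA. Both directions of the session are checked."""
    request = {"src": admin_ip, "dst": mgmt_ip, "proto": "tcp", "sport": 51000, "dport": port}
    reply = {"src": mgmt_ip, "dst": admin_ip, "proto": "tcp", "sport": port, "dport": 51000}
    return all(lookup(p, policies)[1] == "bypass" for p in (request, reply))


# Constructed site-to-site policy: local 192.168.2.0/24 <-> remote 192.168.3.0/24.
SITE_TO_SITE = Policy("site-to-site", 100, "apply",
                      Selector("192.168.2.0/24", "192.168.3.0/24"))

# Constructed top-priority Bypass for HTTPS to/from the module's management
# address (192.168.2.1 is an assumption), as the Note requires.
MGMT_BYPASS = Policy("mgmt-bypass", 1, "bypass",
                     Selector("192.168.2.1/32", "0.0.0.0/0", "tcp", 443))


def lockout_demo() -> dict:
    """Compare a policy set that forgets the management Bypass with one that has it."""
    admin_https = {"src": "192.168.3.10", "dst": "192.168.2.1",
                   "proto": "tcp", "sport": 51000, "dport": 443}
    file_share = {"src": "192.168.2.20", "dst": "192.168.3.20",
                  "proto": "tcp", "sport": 51001, "dport": 445}
    internet = {"src": "192.168.2.20", "dst": "203.0.113.9",
                "proto": "tcp", "sport": 51002, "dport": 443}
    missing_bypass = [SITE_TO_SITE]
    with_bypass = [MGMT_BYPASS, SITE_TO_SITE]
    return {
        # Without the Bypass, the admin's session is selected for the SA: lockout.
        "admin_without_bypass": lookup(admin_https, missing_bypass),
        "admin_with_bypass": lookup(admin_https, with_bypass),
        "data_traffic": lookup(file_share, with_bypass),
        "unrelated_traffic": lookup(internet, with_bypass),   # falls to the default policy
        "mgmt_ok_without_bypass": management_reachable(missing_bypass, "192.168.3.10", "192.168.2.1"),
        "mgmt_ok_with_bypass": management_reachable(with_bypass, "192.168.3.10", "192.168.2.1"),
    }


if __name__ == "__main__":
    for key, value in lockout_demo().items():
        print(f"{key}: {value}")
```

The interesting case is the administrator's HTTPS session: with only the site-to-site Apply policy it matches the tunnel selector and is pushed onto the IPsec SA instead of the Web interface, which is exactly the lockout the Note warns about. Adding the Bypass policy at the top of the order changes the result without touching the Apply policy itself.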
If your traffic selector will include traffic that is also selected for NAT, you
must create a NAT exclusion policy. See “Exclusion NAT Policies” in
Chapter 5: “Network Address Translation.”
Refer to Figure 7-110 for help in configuring the traffic selector.
Figure 7-110. Example IPsec Site-to-Site VPN