TMS zl Management and Configuration Guide ST.1.1.100430
7-375
Virtual Private Networks
Configure an HP ProCurve VPN Client
sary routes should be in place on the TMS zl Module. In this configuration, the
TMS zl Module reaches remote clients on a VLAN in the External zone (which
is a typical configuration).
Table 7-34. VPN Settings on the TMS zl Module
Parameter Valid Settings Configuration Window
IKE policy
Policy Type Client-to-Site (Responder) Add IKE Policy—Step 1 of 3
Local Gateway TMS zl Module’s IP address or VLAN in the External zone
Matches the IP address set in step 8 or step 9 on page 7-367
Local ID Type Matches the type set in step 8 on page 7-367
Local ID Value Matches the value set in step 8 on page 7-367
Remote ID Type Any type that you want
Matches the type set in step 12 on page 7-369
Remote ID Value 0.0.0.0 if you select IP Address for the ID type
If you select another ID type, matches the value set in step
13 on page 7-369
Key Exchange Mode Matches the mode set in step 20 on page 7-373 Add IKE Policy—Step 2 of 3
Authentication Method Matches the method selected in step 10 on page 7-368
Preshared Key (if
Preshared key was
selected)
Matches the string configured in step 10 on page 7-368
Security Parameters
Proposal
Matches the settings configured in step 16 on page 7-371
XAUTH Configuration Matches the setting configured in step 17 on page 7-372:
• Disable XAUTH if the client does not use XAUTH
• TMS acts as XAUTH Server if the client uses XAUTH
Add IKE Policy—Step 3 of 3
IPsec proposal
Encapsulation Mode Tunnel Add IPsec Proposal
Protocol Matches the settings configured in step 19 on page 7-373
Encryption Algorithm (if
you selected ESP)
Matches the settings configured in step 19 on page 7-373
Authentication Algorithm Matches the settings configured in step 19 on page 7-373
IPsec policy Add IPsec Policy—Step 1 of 4
Action Apply
Position Any position
Protocol Matches the setting configured in step 6c on page 7-367
Local Address Matches the settings configured in step 6a and b on page 7-
367