TMS zl Management and Configuration Guide ST.1.2.100916

7-108
Virtual Private Networks
Configure an IPsec Site-to-Site VPN with IKE
4. For Policy Name, type an alphanumeric string between 1 and 32 characters.
The string must be unique to this policy.
5. By default the Enable this policy check box is selected, which means that
the policy will begin taking effect as soon as you finish it. Clear the check
box if you want to enable the policy later.
6. For Action, specify how the TMS zl Module treats traffic that is selected
by this policy (which you will configure in step 8):
   • Apply—Traffic is forwarded to its destination and is secured by the
     IPsec SA. This is the typical selection.
   • Bypass—Traffic is forwarded to its destination but is not secured by
     the IPsec SA.
   • Deny—Traffic is discarded.
To learn about creating Bypass and Deny policies, see “Configure Bypass
and Deny IPsec Policies” on page 7-354.
7. For Position, type a number.
The position determines the order in which the TMS zl Module processes
IPsec policies. The module processes the policy with the lowest value first
(for example, position 1 before position 2). The position matters most
when policies have overlapping traffic selectors. In this case, assign the
highest position (lowest value) to the IPsec policy with the most specific
traffic selector.
Note that you can specify a position that is already used by another policy.
The new policy is inserted above the former policy. You can use the arrow
icons in the Tools column in the VPN > IPsec > IPsec Policies window to
rearrange policies. Remember that the policy at the top of the display is
the first policy processed.
A default IPsec policy prevents all traffic from being encrypted by the VPN
engine; therefore, all IPsec policies that you configure must have a higher
priority than this default policy.
Next, you configure the VPN traffic selector, which determines which traffic
will use the VPN tunnel. For example, the selector might specify all IP traffic
between 192.168.2.0/24 (a local network) and 192.168.3.0/24 (a remote network).
For a policy with the Apply action, the selected traffic is the traffic that
is sent and received (and secured) on the IPsec SA.
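
The position rule from step 7, as an added example (not taken from this guide or from the TMS zl Module's software): a first-match model in Python that shows how a broad traffic selector placed above a more specific one keeps the specific policy from ever taking effect. The Policy tuple, the policy names, the host 192.168.3.50 and the helper functions are hypothetical; unique positions are assumed.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Policy(NamedTuple):      # hypothetical model, not a TMS zl data structure
    name: str
    position: int              # lowest value is processed first
    action: str                # "Apply", "Bypass" or "Deny"
    local: str                 # local side of the traffic selector (CIDR)
    remote: str                # remote side of the traffic selector (CIDR)

def ordered(policies):
    return sorted(policies, key=lambda p: p.position)

def first_match(policies, src, dst) -> Optional[Policy]:
    """Return the first policy whose selector covers src -> dst, or None
    when nothing matches and the default IPsec policy would handle it."""
    for p in ordered(policies):
        if (ip_address(src) in ip_network(p.local)
                and ip_address(dst) in ip_network(p.remote)):
            return p
    return None

def shadowed(policies):
    """List (earlier, later) name pairs where an earlier selector fully covers
    a later one with a different action, so the later policy never applies."""
    out = []
    ps = ordered(policies)
    for i, later in enumerate(ps):
        for earlier in ps[:i]:
            if (ip_network(later.local).subnet_of(ip_network(earlier.local))
                    and ip_network(later.remote).subnet_of(ip_network(earlier.remote))
                    and earlier.action != later.action):
                out.append((earlier.name, later.name))
    return out

# Constructed sample policies built on the subnets used in the text.
WRONG = [  # broad selector first: the Deny for one host is never reached
    Policy("site-all", 1, "Apply", "192.168.2.0/24", "192.168.3.0/24"),
    Policy("host-deny", 2, "Deny", "192.168.2.0/24", "192.168.3.50/32"),
]
RIGHT = [  # most specific selector gets the lowest position value
    Policy("host-deny", 1, "Deny", "192.168.2.0/24", "192.168.3.50/32"),
    Policy("site-all", 2, "Apply", "192.168.2.0/24", "192.168.3.0/24"),
]

if __name__ == "__main__":
    for label, pols in (("WRONG", WRONG), ("RIGHT", RIGHT)):
        hit = first_match(pols, "192.168.2.10", "192.168.3.50")
        print(label, "->", hit.name, hit.action, "shadowed:", shadowed(pols))
```

Running the same shadowing check over an exported or hand-transcribed policy list after each reordering catches a specific policy that has slipped below a broader one.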