TMS zl Management and Configuration Guide ST.1.2.100916
7-124
Virtual Private Networks
Configure an IPsec Site-to-Site VPN with Manual Keying
To configure an IPsec VPN connection, you must complete these tasks:
1. Optionally, create named objects, which you can use in IPsec policies as well as corresponding firewall access policies.
Using named objects is best practice; however, you can specify IP addresses manually. See “Create Named Objects for the VPN (Optional)” on page 7-124.
2. Create an IPsec proposal.
See “Create an IPsec Proposal” on page 7-125.
3. Create an IPsec policy.
See “Create an IPsec Policy That Uses Manual Keying” on page 7-128.
4. Create necessary firewall access policies.
See “Create Access Policies for an IPsec Site-to-Site VPN with Manual Keying” on page 7-138.
5. Create a static route, if necessary.
See “Verify Routes for an IPsec Site-to-Site VPN” on page 7-141.
6. Configure global IPsec settings (optional).
See “Configure Global IPsec Settings” on page 7-351.
7. Configure the remote VPN gateway with compatible settings.
See your gateway device’s configuration guide for instructions.
Create Named Objects for the VPN (Optional)
You might want to configure the named objects indicated in Table 7-11. (You can, of course, configure other objects that are appropriate for your environment.) For your reference, this table includes the location where you would specify these named objects. However, later configuration instructions will indicate when you actually need to specify each object. The table also includes a reference to numbers in Figure 7-104. The number indicates the IP address for that named object in an example network.