TMS zl Management and Configuration Guide ST.1.2.100916

Virtual Private Networks
Configure a GRE over IPsec VPN with Manual Keying
Create Access Policies for a GRE over IPsec VPN That Uses Manual Keying
Before you begin configuring firewall access policies, determine the zone on
which traffic from the remote tunnel gateway arrives. This is the zone
associated with the TMS VLAN on which the tunnel’s source IP address is
configured. The instructions below will refer to this zone as the “remote zone.”
Also, determine the zone that you configured for the tunnel’s Firewall Zone
Association setting. The instructions below will refer to this zone as the
“tunnel zone.”
Determine the zone for local endpoints that are allowed to send traffic over
the tunnel. The instructions below will refer to this zone as the “local zone.”
Figure 7-254 shows these zones in the example figure for a GRE over
IPsec VPN.
Figure 7-254. Example GRE over IPsec VPN (with Zones)
Table 7-27 lists the necessary access policies; the numbers in the Source and
Destination columns refer to the example figure above. (Note that all of these
policies are typically configured for the None User group. However, if local
users log in through the module, then the access policies with the local zone
as the source zone would use that user group.)