TMS zl Management and Configuration Guide ST.1.2.100916

Virtual Private Networks
Configure Bypass and Deny IPsec Policies
Configuration Steps
Follow these steps to create a Bypass or Deny IPsec policy:
1. In the left navigation bar of the Web browser interface, select VPN > IPsec.
2. Click the IPsec Policies tab.
Figure 7-302. VPN > IPsec > IPsec Policies Window
3. Click Add IPsec Policy.
4. For Policy Name, type an alphanumeric string between 1 and 10 characters.
The string must be unique to this policy.
5. The policy does not take effect until it is enabled. Select the Enable this
policy check box to enable the policy as soon as you finish it. Clear the
check box if you want to enable the policy later.
6. For Action, select how the TMS zl Module treats traffic that is selected for
this policy (which you will configure in step 9):
• Bypass—Traffic is forwarded to its destination but is not secured by
the IPsec SA.
• Deny—Traffic is discarded.
7. Select an option for Direction:
• Both
• Inbound
• Outbound
The default selection is Both, which means that the policy applies to both
inbound and outbound traffic.
8. For Position, type a number.
The position determines the order in which the TMS zl Module processes
IPsec policies. The module processes the policy with the lowest value first
(for example, position 1 before position 2). The position matters most
when policies have overlapping traffic selectors. In this case, assign the
highest position (lowest value) to the IPsec policy with the most specific
traffic selector.
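
The ordering rule in step 8, as an added example that is not taken from this guide or from the TMS zl software: a pre-deployment check that flags a policy whose traffic selector is fully covered by an earlier, broader policy. It assumes first-match evaluation, models a traffic selector as a source and destination CIDR pair, and ignores Direction; the policy names and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str       # 1-10 alphanumeric characters, per step 4
    position: int   # lower value is processed first, per step 8
    action: str     # "Bypass" or "Deny"
    src: str        # assumed selector model: source CIDR
    dst: str        # assumed selector model: destination CIDR

def covers(broad, narrow):
    """True if every packet `narrow` selects is also selected by `broad`."""
    net = ipaddress.ip_network
    return (net(narrow.src).subnet_of(net(broad.src))
            and net(narrow.dst).subnet_of(net(broad.dst)))

def find_shadowed(policies):
    """Return (shadowed, shadowing) name pairs under assumed first-match order."""
    ordered = sorted(policies, key=lambda p: p.position)
    pairs = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier, later):
                pairs.append((later.name, earlier.name))
                break
    return pairs

def first_match(policies, src_ip, dst_ip):
    """Return the policy that decides this packet, or None if none selects it."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for p in sorted(policies, key=lambda p: p.position):
        if s in ipaddress.ip_network(p.src) and d in ipaddress.ip_network(p.dst):
            return p
    return None

# Constructed sample policies (names and addresses are illustrative).
MISORDERED = [
    Policy("DenyLan", 1, "Deny", "10.1.0.0/16", "10.2.0.0/16"),
    Policy("BypassMgmt", 2, "Bypass", "10.1.5.0/24", "10.2.0.10/32"),
]
# Corrected order: the most specific selector gets the lowest position value.
REORDERED = [
    Policy("BypassMgmt", 1, "Bypass", "10.1.5.0/24", "10.2.0.10/32"),
    Policy("DenyLan", 2, "Deny", "10.1.0.0/16", "10.2.0.0/16"),
]

if __name__ == "__main__":
    print(find_shadowed(MISORDERED))
    print(first_match(REORDERED, "10.1.5.20", "10.2.0.10").name)
```

With the misordered set, the broad Deny policy at position 1 decides the management traffic before the narrower Bypass policy is reached; swapping the positions restores the intended result.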