TMS zl Management and Configuration Guide ST.1.2.100916
7-356
Virtual Private Networks
Configure Bypass and Deny IPsec Policies
Note that you can specify a position that is already used by another policy.
The new policy is inserted above the former policy. You can use the arrow
icons in the Tools column in the VPN > IPsec > IPsec Policies window to
rearrange policies. Remember the policy at the top of the display is the
first policy processed.
A default IPsec Bypass policy prevents all traffic from being encrypted by
the VPN engine; therefore, all IPsec policies that you configure must have
a higher priority than this default policy.
Next, you configure the VPN traffic selector, which determines which traffic
is selected by the policy. For example, the selector might specify all IP traffic
between 192.168.2.0/24 (a local network) and 192.168.3.0/24 (a remote network).
9. For Traffic Selector, configure these settings:
– Any—Any IP protocol. Select this option when you want to select
all traffic between local and remote endpoints.
– TCP or UDP—Select this option in conjunction with a local port to
select remote traffic that is destined for specific services in the
local network. Select this option in conjunction with a remote
port to select local traffic that is destined for specific services in
the remote network.
– ICMP—Select this option when you want to select only ICMP
traffic or ICMP traffic of a specific type.
– IP Protocols—Select one of these Layer 3 protocols, which are
listed by their IANA IP Protocol numbers.
Service objects and service groups will not appear in this list.
a. For Local Address, specify the IP addresses for all local traffic selected
by this policy.
Do one of the following to specify addresses:
– Select Any to select any IP address.
– Select a single-entry IP, range, or network address object.
– Manually type an IP address, IP address range, or network
address in CIDR format.
b. Local Port is present if you selected TCP or UDP for Protocol. Type the
port number for the service that you want to select. Leave the box
empty to select all ports.
c. For Remote Address, specify the addresses of the remote endpoints to
which this policy applies.
– Select Any to select any IP address.
– Select a single-entry IP, range, or network address object.
– Manually type an IP address, IP address range, or network
address in CIDR format.
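The following script is an added illustration of the two rules this section describes: policies are processed top down with the first match winning, a policy inserted at a position that is already used lands above the former occupant, and the traffic selector combines a protocol, local and remote address (any, single IP, range, or CIDR) and optional local or remote port. It is not TMS zl code; the class names (TrafficSelector, IPsecPolicy, PolicyTable), the packet dictionary layout and the sample policies are assumptions constructed for the example.

```python
# Added example: an ordered IPsec policy table with traffic selectors, written to
# show first-match processing and selector semantics. Not the TMS zl product code;
# class names, packet layout and sample policies are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import Optional

PROTOCOL_NUMBERS = {"tcp": 6, "udp": 17, "icmp": 1}  # IANA IP protocol numbers


def parse_address(spec: str):
    """Parse an address box value: 'any', a single IP, a range 'lo-hi', or CIDR."""
    spec = spec.strip()
    if spec.lower() == "any":
        return None                      # None means "match any address"
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if lo.version != hi.version or int(hi) < int(lo):
            raise ValueError(f"bad address range: {spec}")
        return (lo, hi)
    # strict=False accepts a host address written with a prefix (192.168.2.7/24)
    return ipaddress.ip_network(spec, strict=False)


def address_matches(selector, address: str) -> bool:
    """True if the parsed selector (None, (lo, hi) tuple, or network) covers address."""
    ip = ipaddress.ip_address(address)
    if selector is None:
        return True
    if isinstance(selector, tuple):
        lo, hi = selector
        return ip.version == lo.version and lo <= ip <= hi
    return ip.version == selector.version and ip in selector


@dataclass(frozen=True)
class TrafficSelector:
    protocol: str = "any"              # 'any', 'tcp', 'udp', 'icmp', or an IANA number such as '47'
    local: str = "any"
    remote: str = "any"
    local_port: Optional[int] = None   # tcp/udp only; None = all ports
    remote_port: Optional[int] = None  # tcp/udp only; None = all ports
    icmp_type: Optional[int] = None    # icmp only; None = all types

    def matches(self, pkt: dict) -> bool:
        proto = self.protocol.lower()
        if proto != "any":
            wanted = PROTOCOL_NUMBERS.get(proto)
            if wanted is None:
                wanted = int(proto)      # a raw IANA protocol number
            if pkt["protocol"] != wanted:
                return False
        if proto in ("tcp", "udp"):
            if self.local_port is not None and pkt.get("local_port") != self.local_port:
                return False
            if self.remote_port is not None and pkt.get("remote_port") != self.remote_port:
                return False
        if proto == "icmp" and self.icmp_type is not None and pkt.get("icmp_type") != self.icmp_type:
            return False
        return (address_matches(parse_address(self.local), pkt["local_ip"])
                and address_matches(parse_address(self.remote), pkt["remote_ip"]))


@dataclass(frozen=True)
class IPsecPolicy:
    name: str
    action: str                        # 'apply' (protect), 'bypass' or 'deny'
    selector: TrafficSelector


class PolicyTable:
    """Ordered list: position 1 is processed first; the default Bypass is always last."""

    def __init__(self):
        self.default = IPsecPolicy("default-bypass", "bypass", TrafficSelector())
        self._policies: list = []

    def add(self, policy: IPsecPolicy, position: Optional[int] = None) -> None:
        """Insert at a 1-based position; an already-used position places the
        new policy above the former occupant, pushing it down one slot."""
        if position is None or position > len(self._policies):
            self._policies.append(policy)
        else:
            self._policies.insert(position - 1, policy)

    def order(self) -> list:
        return [p.name for p in self._policies] + [self.default.name]

    def lookup(self, pkt: dict) -> IPsecPolicy:
        """First match from the top wins; nothing matched falls to the default Bypass."""
        for policy in self._policies:
            if policy.selector.matches(pkt):
                return policy
        return self.default


def build_example_table() -> PolicyTable:
    """Constructed sample configuration (not from the manual)."""
    table = PolicyTable()
    site = TrafficSelector(protocol="any", local="192.168.2.0/24", remote="192.168.3.0/24")
    table.add(IPsecPolicy("site-to-site", "apply", site), position=1)
    # Inserted at the already-used position 1, so it lands above site-to-site.
    no_telnet = TrafficSelector(protocol="tcp", local="192.168.2.0/24", local_port=23)
    table.add(IPsecPolicy("deny-telnet", "deny", no_telnet), position=1)
    return table


if __name__ == "__main__":
    t = build_example_table()
    print(t.order())   # deny-telnet is processed before site-to-site, default last
```

The build_example_table function mirrors the manual's caution about positions: the second add() uses position 1, which is already taken, so the deny policy is placed above the earlier one rather than replacing it. A telnet packet into the local network therefore hits the deny policy first, other traffic between the two networks reaches the apply policy, and anything else falls through to the default Bypass, which is why every configured policy must sit above it.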