TMS zl Management and Configuration Guide ST.1.2.100916
7-379
Virtual Private Networks
Configure an HP ProCurve VPN Client
Local Port Matches the settings configured in step 6d on page 7-370
Remote Address Any
Remote Port Empty
Proposal IPsec proposal that you created for the IPsec connection
IKEv1 Policy IKE policy that you created for the IPsec connection Add IPsec Policy—Step 2 of 4
Enable PFS (Perfect
Forward Secrecy) for
keys
Matches the setting configured in step 22 on page 7-377
SA Lifetime in Seconds Matches the settings configured in step 19 on page 7-376
SA Lifetime in Kilobytes Matches the settings configured in step 19 on page 7-376
Enable IP Address Pool
for IRAS (Mode Config)
Check box is selected
Other settings
Add IPsec Policy—Step 3 of 4
IRAS IP Address/Mask IP address in a private subnet with addresses reserved for
remote clients
Firewall Zone • The source zone for traffic that arrives from the remote
clients
• The destination zone for traffic sent to remote client
IP Address Ranges IP addresses in the same subnet as the IRAS IP address
• Primary DNS Server
• Secondary DNS
Server
• Primary WINS server
• Secondary WINS
server
IP addresses of your network’s servers (which the remote
clients can access)
Advanced Settings
(Optional)
Default settings Add IPsec Policy—Step 4 of 4
Firewall access policies
User Group None • Permit Self External isakmp Any Any
• Permit External Self isakmp Any Any
• Other access policies that control traffic from the remote
client
Add Policy
If XAUTH is enabled, User
Group <group configured
for the remote user>
Access policies that control traffic from the remote client Add Policy
Parameter Valid Settings Configuration Window