TMS zl Module Planning and Implementation Guide 2009-08

10.5.4 VPN Gateway
The problem: How do we protect private information that is transmitted via the public
Internet? The solution: A Virtual Private Network, or VPN. There are two primary use
cases. The site-to-site VPN protects traffic between two sites, such as a Main
Office and a Branch Office. Alternatively, a VPN can allow remote workers to “dial in,”
to use common but outdated terminology, to their workplace. These two separate
needs have two separate configuration methodologies. Let’s discuss the site-to-site VPN
first.
10.5.4.1 Site-to-Site VPN
The site-to-site VPN discussed here relies on IPsec in “tunnel mode” and
connects two remotely located TMS zl Modules. In effect, we need to “mirror”
the VPN configuration of one TMS zl Module on the other, because the VPN
configuration on the two modules must match.
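To make “mirror” concrete, the following added example (not from the original guide and not TMS zl configuration syntax) checks two peers' tunnel-mode policies before deployment. The field names, addresses and algorithm values are assumptions that use generic IPsec terms.

```python
import ipaddress

# Hypothetical field names using generic IPsec terms, not TMS zl settings.
MUST_MATCH = ("mode", "ike_encryption", "ike_hash", "dh_group",
              "esp_encryption", "esp_auth")
# (local, remote) pairs: one peer's local value is the other peer's remote value.
MUST_SWAP = (("local_gateway", "remote_gateway"),
             ("local_subnet", "remote_subnet"))

def _norm(field, value):
    """Normalise values so equivalent notations compare equal."""
    if field.endswith("_subnet"):
        return ipaddress.ip_network(value)   # accepts /16 or /255.255.0.0
    if field.endswith("_gateway"):
        return ipaddress.ip_address(value)
    return str(value).strip().lower()

def mirror_mismatches(a, b):
    """Return reasons why policies a and b would not form a tunnel together."""
    problems = []
    for f in MUST_MATCH:
        if _norm(f, a[f]) != _norm(f, b[f]):
            problems.append(f"{f}: A={a[f]} B={b[f]} must be identical")
    for loc, rem in MUST_SWAP:
        if _norm(loc, a[loc]) != _norm(rem, b[rem]):
            problems.append(f"A {loc}={a[loc]} but B {rem}={b[rem]}")
        if _norm(rem, a[rem]) != _norm(loc, b[loc]):
            problems.append(f"A {rem}={a[rem]} but B {loc}={b[loc]}")
    if _norm("local_subnet", a["local_subnet"]).overlaps(
            _norm("remote_subnet", a["remote_subnet"])):
        problems.append("protected subnets overlap; traffic selection is ambiguous")
    return problems

# Constructed sample policies (documentation address ranges).
SITE_A = {"mode": "tunnel", "ike_encryption": "aes-256", "ike_hash": "sha256",
          "dh_group": 14, "esp_encryption": "aes-256", "esp_auth": "sha256",
          "local_gateway": "192.0.2.1", "remote_gateway": "198.51.100.1",
          "local_subnet": "10.1.0.0/16", "remote_subnet": "10.2.0.0/16"}
SITE_B = {**SITE_A,
          "local_gateway": "198.51.100.1", "remote_gateway": "192.0.2.1",
          "local_subnet": "10.2.0.0/255.255.0.0", "remote_subnet": "10.1.0.0/16"}
# Same as SITE_B but with a different DH group and a mistyped remote subnet.
SITE_B_BAD = {**SITE_B, "dh_group": 5, "remote_subnet": "10.10.0.0/16"}

if __name__ == "__main__":
    for name, peer in (("SITE_B", SITE_B), ("SITE_B_BAD", SITE_B_BAD)):
        issues = mirror_mismatches(SITE_A, peer)
        print(name, "OK" if not issues else issues)
```

Only the proposal fields are compared for equality; the gateway and protected-subnet fields must be swapped between the peers, which is the part of “mirroring” that is easiest to get wrong when copying a configuration from one site to the other.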
Here we have a typical site-to-site deployment between SITE A on the left and
SITE B on the right. For Site A, we’ll continue to use the Firewall & IPS
configuration from the previous sections and build on it. Site B is our branch
office site and we’ll start configuring there.
Figure 24