<< Start Page for Example 2

Create a Client-to-Site IKE Policy (2 of 3) >>

 

Example 2: IPsec VPN, Client-to-Site

Create a Client-to-Site IKE Policy (Step 1 of 3)

 

Follow these steps to create an Internet Key Exchange (IKE) policy that the Threat Management Services (TMS) zl Module can use to negotiate the client-to-site VPN between the VPN client and the main campus.

 

The steps for the HP ProCurve VPN Client will show where to configure the same parameters as those on the TMS zl Module. In reality, you would probably configure the VPN client parameters in a different order.

TMS zl Module

  1. Select VPN > IPsec > IKEv1 Policies.

  2. Click Add IKE Policy.

  3. For IKE Policy Name, type remoteVPN.

  4. For IKE Policy Type, select Client-to-Site (Responder).

  5. For Local Gateway, select Use VLAN IP Address and select VLAN99 from the list.

  6. For Local ID, select IP Address from the Type list, then type 172.16.99.99 in the Value box.

  7. For Remote ID, select Email address from the Type list, then type *@procurveu.edu in the Value box.

  8. Click Next.

HP ProCurve VPN Client

  1. On the Windows Start menu, select All Programs > ProCurve VPN Client > Security Policy Editor.

  2. In the Security Policy Editor window, select Options > Secure > Specified Connections.

  3. Select Edit > Add > Connection.

  4. Name the connection VPN2campus.

  5. Click the expand icon for VPN2campus.

  6. Click My Identity.

  7. For Select Certificate, select None.

  8. For ID Type, select E-mail address and type user1@procurveu.edu.

  9. Click VPN2campus.

  10. Under Remote Party Identity and Addressing, configure the following:

      a. Select the Connect using check box and select Secure Gateway Tunnel from the list.

      b. For ID Type, select IP Address and type 172.16.99.99 in the space provided.
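The identities entered on the two sides have to agree: the client's My Identity must satisfy the module's Remote ID, and the module's Local ID must equal the client's Remote Party Identity. The Python check below is an added example, not part of the HP documentation; the dictionary layout, the function names, and the reading of `*` as a case-insensitive wildcard are assumptions.

```python
import ipaddress
import re

# GUI label -> IKEv1 identification type (RFC 2407); the two UIs spell "e-mail" differently.
ID_TYPES = {"ip address": "ID_IPV4_ADDR",
            "email address": "ID_USER_FQDN",
            "e-mail address": "ID_USER_FQDN"}

def id_matches(expected, presented):
    """True if the presented (type label, value) satisfies the expected one."""
    etype = ID_TYPES.get(expected[0].strip().lower())
    ptype = ID_TYPES.get(presented[0].strip().lower())
    if etype is None or etype != ptype:
        return False
    if etype == "ID_IPV4_ADDR":
        try:
            return ipaddress.IPv4Address(expected[1]) == ipaddress.IPv4Address(presented[1])
        except ValueError:
            return False
    # Assumption: '*' is the only wildcard and matching ignores case.
    pattern = ".*".join(re.escape(part) for part in expected[1].split("*"))
    return re.fullmatch(pattern, presented[1], re.IGNORECASE) is not None

def check_pair(gateway, client):
    """Return a list of identity mismatches between the two configurations."""
    problems = []
    if not id_matches(gateway["remote_id"], client["my_identity"]):
        problems.append("client My Identity does not satisfy the module's Remote ID")
    if not id_matches(client["remote_party_id"], gateway["local_id"]):
        problems.append("module Local ID does not match the client's Remote Party Identity")
    return problems

# Values taken from the steps above (hypothetical dictionary layout).
GATEWAY = {"local_id": ("IP Address", "172.16.99.99"),
           "remote_id": ("Email address", "*@procurveu.edu")}
CLIENT = {"my_identity": ("E-mail address", "user1@procurveu.edu"),
          "remote_party_id": ("IP Address", "172.16.99.99")}

if __name__ == "__main__":
    # Second case is a constructed typo in the client's e-mail domain.
    typo = {**CLIENT, "my_identity": ("E-mail address", "user1@procurve.edu")}
    for name, client in [("as documented", CLIENT), ("constructed typo", typo)]:
        print(name, "->", check_pair(GATEWAY, client) or "identities consistent")
```
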
