<< Back to VPN Examples

Start >>

 

Example 2: IPsec VPN, Client-to-Site

To see how to set up this IPsec VPN with the IPSecuritas VPN client for Macintosh, click here.

At ProCurve University, the faculty needs to access the private network at the main campus while they are at home or travelling. A Threat Management Services (TMS) zl Module on the main campus will form one end of the IPsec VPN tunnel, and the HP ProCurve VPN Client on the laptop will form the other end.

The TMS zl Module has an interface to connect to the WAN router (172.16.99.99) on VLAN99, which is associated with EXTERNAL. The rest of the private network VLANs are associated with INTERNAL.

While they are connected to the private network through the VPN, the VPN clients are given an address in the 10.27.27.0/24 subnet through IKE mode config (not NAT). This subnet has been placed in ZONE3 as VLAN27. On the Internet, the clients' IP addresses are in the 172.19.0.0/16 network.

To create the VPN that is shown in the figure above, you must follow these steps:

  1. Create a client-to-site IKEv1 policy. 

  2. Create named objects. 

  3. Create a tunnel mode IPsec proposal. 

  4. Create an IPsec policy. 

  5. Create the firewall access policies. 

  6. Create static routes. 

You can skip to each separate step by clicking the corresponding icon, or you can click Start >> to see the entire process in order.
