On the ProCurve University campus, the faculty need secure access to an FTP server in the research building. Site 1 is the faculty office building, and Site 2 is the research building, which is located across town. A Threat Management Services (TMS) zl Module at each site will form the gateways of the IPsec VPN tunnel.

The faculty devices are all on VLAN7, which is in ZONE3 on Site 1. It will be necessary to exclude the address range 10.1.7.50 to 10.1.7.100 from using the VPN, because those users are not authorized to access the FTP server. On Site 2 the FTP server is on VLAN2 in the DMZ. Each site has an interface on a VPN_VLAN that connects to the Internet, and each VPN_VLAN is in EXTERNAL.

On Site 1, the TMS zl Module performs source NAT (instead of the router) to translate all private addresses into a single public address for the Internet: 172.16.1.99. You will need to exclude the VPN connections from being translated.

To create the VPN that is shown in the figure above, follow these steps.
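The following added example (not part of the original guide and not TMS zl Module syntax) models the intended outcome of the scenario's two exclusions, so a finished configuration can be checked against it. It assumes VLAN7 is 10.1.7.0/24 and uses a constructed FTP server address of 10.2.2.10, neither of which is stated on the page.

```python
import ipaddress as ip

# From the scenario text
EXCLUDED_FIRST = ip.ip_address("10.1.7.50")
EXCLUDED_LAST = ip.ip_address("10.1.7.100")
NAT_PUBLIC = "172.16.1.99"
# Assumptions, not stated on the page
FACULTY_NET = ip.ip_network("10.1.7.0/24")  # assumed VLAN7 subnet
FTP_SERVER = ip.ip_address("10.2.2.10")     # constructed placeholder address


def excluded_blocks():
    """Smallest set of CIDR blocks covering exactly .50 through .100."""
    return list(ip.summarize_address_range(EXCLUDED_FIRST, EXCLUDED_LAST))


def single_supernet():
    """The one CIDR block that covers the whole range; it over-matches."""
    net = ip.ip_network(f"{EXCLUDED_FIRST}/32")
    while EXCLUDED_LAST not in net:
        net = net.supernet()
    return net


def classify(src, dst):
    """Return (action, source address seen beyond the Site 1 gateway)."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    excluded = any(src in block for block in excluded_blocks())
    # The exclusion is tested before the VPN selector, so an excluded
    # faculty host never enters the tunnel.
    if src in FACULTY_NET and dst == FTP_SERVER and not excluded:
        # VPN traffic is exempt from source NAT: the source stays private.
        return ("vpn", str(src))
    # Everything else leaves through source NAT to the single public address.
    return ("nat", NAT_PUBLIC)


if __name__ == "__main__":
    print("exact exclusion blocks:", [str(b) for b in excluded_blocks()])
    print("single covering block :", single_supernet())
    for host in ("10.1.7.49", "10.1.7.50", "10.1.7.100", "10.1.7.101"):
        print(host, "->", classify(host, str(FTP_SERVER)))
```

The excluded range does not fall on a CIDR boundary: it needs six blocks to match exactly, while the single covering block 10.1.7.0/25 would also lock out authorized hosts below .50 and from .101 to .127.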