|
ProCurve University maintains a server farm in VLAN77 that contains its bookstore's storefront applications, including databases of customer credit-card numbers. To protect the databases from internal intrusion, only users on VLAN20 — the accounting department — are allowed to access VLAN77. The Threat Management Services (TMS) zl Module is housed in a switch that administers VLAN20. VLAN77, however, is connected to an HP ProCurve Secure Router 7203dl and is not configured on the TMS zl Module's host switch. To permit only the users on VLAN20 to access VLAN77 securely, an IPsec VPN connection is configured between the TMS zl Module and the router. This example assumes that on the 7203dl, the interface eth 0/2 is running in 802.1q mode with the VLAN99 address as 172.16.99.1/24. This example shows how to configure the router through its Web browser interface, using the default settings on the router, which are the same as the default settings on the TMS zl Module. The VPN will be established with Internet Key Exchange (IKE). You cannot establish a site-to-site VPN with an HP ProCurve Secure Router 7000dl using manual keying. To create the VPN that is shown in the figure above, you must follow these steps: You can skip to each separate step by clicking the corresponding |