Configuring An Ike Client Configuration Pool - HP 7102dl - ProCurve Secure Router Configuration Manual

Virtual Private Networks
Configuring a VPN Using IPSec
N o t e
10-48
The remote user requests an IP address from the ProCurve Secure Router
between IKE phase 1 and phase 2 negotiations. It may also request addresses
for Domain Name System (DNS) and NetBIOS Windows Internet Naming
Service (WINS) servers. These servers will translate domain names to IP
addresses for the user.
The router uses IKE mode config to issue the remote user an address from a
client configuration pool. The peer now has an address in a network permitted
in the VPN and can establish an IPSec SA with the router. IKE mode config
allows remote users to function as members of the private network. These
VPN users appear as internal users on the network, which they can then
browse freely.
When you configure the ACL specifying which traffic is carried over the VPN
connection, you must include the addresses from the client configuration pool
as the permitted destination.

Configuring an IKE Client Configuration Pool

A client configuration pool contains the information the router needs to issue
configurations. For each pool, you must configure:
a range of IP addresses—You should use a separate network from those
used by local hosts.
You can optionally configure:
DNS server address (up to two)
WINS server address (up to two)
You create the client configuration pool from the global configuration mode
context:
Syntax: crypto ike client configuration pool <poolname>
For example:
ProCurve(config)# crypto ike client configuration pool VPNUsers
ProCurve(config-ike-client-pool)#
Next, specify the range of IP addresses that the router can assign to remote
users:
Syntax: ip-range <first A.B.C.D> <final A.B.C.D>