Map Entry; Defining Traffic Allowed Over The Vpn Tunnel - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual


Note
If peers' digital certificates use ASN-DNs, you must enter the fields exactly as
they are in the certificate. You can use the wildcard character (*) for some of
the fields. See Table 8-13 on page 8-33 for the command syntax for specifying
the remote ID.
Mapping the Remote ID to an IKE Policy and Crypto Map Entry
You can associate a peer's remote ID with a specific IKE policy and crypto
map entry. This option can ease configuration and troubleshooting. You can
quickly associate a peer with the policies that the router proposes to it.
To associate IKE and IPSec policies with a peer, enter this command:
Syntax: crypto ike remote-id [address <A.B.C.D> | any | asn-dn <distinguished name> | fqdn <domain name> | user-fqdn <email address>] [preshared-key <key>] [ike-policy <policy number>] [crypto map <mapname> <map index>]
For example, enter a command such as this:
ProCurve(config)# crypto ike remote-id address 10.2.2.1 preshared-key mysecret ike-policy 2 crypto map VPN 20
If you associate the remote ID with a crypto map entry that has not yet been
configured, the Secure Router OS will automatically create such an entry. See
"Crypto Maps" on page 8-42 for instructions on configuring a crypto map.
Take care to associate the remote ID with the IKE policy and/or crypto map
that includes that peer's correct public IP address.
If you are only configuring one IKE policy and crypto map entry, you need not
use this option.

Defining Traffic Allowed over the VPN Tunnel

You define which networks connect over an individual VPN tunnel as follows:
1. Create an extended ACL.
2. Add entries to the ACL denying any hosts not authorized to access the VPN.
3. Add entries to the ACL permitting traffic from the local network to the remote network.
4. Apply the ACL to the crypto map entry that defines the tunnel's IPSec SA.
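
The order of steps 2 and 3 matters if the ACL is evaluated top-down with the first matching entry winning, which this added example assumes. It is not Secure Router OS code or part of the manual. It models ACL entries with wildcard masks, shows which entry decides a given flow, and flags entries that an earlier entry makes ineffective. All addresses and names in it are constructed for illustration.

```python
import ipaddress

MASK = 0xFFFFFFFF

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def matches(addr, base, wildcard):
    """Wildcard-mask match: 1-bits in the wildcard are 'don't care' bits."""
    care = ~to_int(wildcard) & MASK
    return (to_int(addr) & care) == (to_int(base) & care)

def covers(outer, inner):
    """True if every address matched by inner (base, wildcard) also matches outer."""
    care_o = ~to_int(outer[1]) & MASK
    return (care_o & to_int(inner[1])) == 0 and \
           (to_int(outer[0]) & care_o) == (to_int(inner[0]) & care_o)

def evaluate(acl, src, dst):
    """Return (action, entry index) of the first match; no match is an implicit deny."""
    for i, (action, s, d) in enumerate(acl):
        if matches(src, *s) and matches(dst, *d):
            return action, i
    return "deny", None

def shadowed(acl):
    """Indexes of entries that can never take effect because an earlier entry
    with the opposite action already matches all of their traffic."""
    hits = []
    for i, (action, s, d) in enumerate(acl):
        for prev_action, ps, pd in acl[:i]:
            if prev_action != action and covers(ps, s) and covers(pd, d):
                hits.append(i)
                break
    return hits

# Constructed sample ACL (addresses are illustrative), ordered as in steps 2 and 3:
# each entry is (action, (src base, src wildcard), (dst base, dst wildcard)).
VPN_ACL = [
    ("deny",   ("192.168.1.50", "0.0.0.0"),   ("192.168.2.0", "0.0.0.255")),
    ("permit", ("192.168.1.0",  "0.0.0.255"), ("192.168.2.0", "0.0.0.255")),
]
MISORDERED = list(reversed(VPN_ACL))  # permit placed before the deny

if __name__ == "__main__":
    print(evaluate(VPN_ACL, "192.168.1.50", "192.168.2.10"))
    print(evaluate(MISORDERED, "192.168.1.50", "192.168.2.10"))
    print("shadowed entries:", shadowed(MISORDERED))
```

Running `shadowed()` over a planned ACL before applying it to the crypto map entry catches a deny entry that was added after the broader permit.
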
Virtual Private Networks
Configuring a VPN Using IPSec
8-35


This manual is also suitable for: ProCurve Secure Router 7102 dl