Configuring A Client-To-Site Vpn - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual

Virtual Private Networks
Quick Start
Parameters
peer ID
peer's remote ID
preshared key (if using)
8-94
• distinguished name (with digital certificates only):
Syntax: crypto ike remote-id asn1-dn <distinguished name> [ike-policy <pol-
icy number>] [crypto map <mapname> <map sequence>]
You can use the * wildcard character to configure a remote ID that
matches multiple remote peers.
22. Apply the crypto map to the WAN interface that connects to the Internet.
Move to the logical interface configuration mode context and enter:
Syntax: crypto map <mapname>
For example:
ProCurve(config)# int ppp 1
ProCurve(config-ppp 1)# crypto map VPN
The local and remote gateways must also somehow exchange routing infor-
mation. You can use BGP to communicate routes to your ISP, which then
tunnels them to the remote router. (See Chapter 13: IP Routing—Configur-
ing RIP, OSPF, BGP, and PBR.) You can also tunnel a multicast routing
protocol such as RIP or OSPF through the Internet yourself using a GRE
tunnel. See Chapter 9: Configuring a Tunnel with Generic Routing Encap-
sulation.

Configuring a Client-to-Site VPN

You can print Table 8-32 and fill it out with the settings for your VPN. You can
then use the worksheet to complete the quick start commands.
Table 8-32. Quick Start Settings for a Client-to-Site VPN
Options
any
• IP address (A.B.C.D)
• fully-qualified domain name
(FQDN)
• email address
• abstract syntax notation
distinguished name (ASN-
DN), for digital certificates
only
• any
alphanumeric string
Obtain Setting From
—
mobile users—You should
either use any or wildcards to
match multiple users. If you
are using digital certificates,
the remote ID should match
the corresponding field in
authorized certificates.
match peer
Your Setting
any