Security Solutions
3-145
Designing Access Controls
Lay Out the Network
(However, even some homes feature simple LANs.) If the remote endpoint
does have a NATed IP address, the VPN gateway must support NAT Traversal
(NAT-T); otherwise, the VPN connection fails.
The Secure Router 7000dl supports NAT-T in addition to the VPN capabilities
listed in Table 3-116.
Table 3-116. VPN Capabilities of the ProCurve Secure Router 7000dl Series

| Module | VPN Protocol | Maximum Number of Tunnels | Encryption and Hash Algorithms | Support for NAT-T | Support for Xauth |
|---|---|---|---|---|---|
| IPSec VPN Base Module (J9026A) | IPsec with IKE; IPsec with manual keying | 10 | Hash: HMAC-MD5, HMAC-SHA1. Encryption: DES, 3DES, AES with 128-, 196-, or 256-bit keys | Yes | Yes |
| IPSec VPN Module (J8471A) | IPsec with IKE; IPsec with manual keying | 1000 | AH: MD5, SHA-1. ESP: DES, 3DES, AES with 128-, 196-, or 256-bit keys | Yes | Yes |

Remote users need a VPN client on the endpoints they use to access the
network. The client must, of course, support the options you have configured
on your VPN gateway. Although most Windows and Mac workstations provide
some form of VPN support, you might encourage or require users to install a
vendor VPN client to add support for more options and possibly simplify
configuration.
When you purchase the ProCurve Secure Router 7100/7200 IPSec VPN Module
and IPSec Base VPN Module, you receive a 10-user license for the ProCurve
VPN Client. Some capabilities of this client are listed in Table 3-117.