HP ProCurve Threat Management Solution Implementation Guide 2009-05
Configure VPNs Using the HP ProCurve Threat Management Services zl Module
Configure a Client-to-Site L2TP over IPsec VPN for Windows XP Clients
Figure C-55. Add Policy Window
g. Click Apply.
6. Permit L2TP traffic from the module to the remote endpoints:
a. For Action, leave the default, Permit Traffic.
b. For From, select Self.
c. For To, select the remote zone. For this example, select External.
d. For Service, select l2tp-udp.
e. For Source, leave Any Address or specify the local gateway IP address.
For this example, select the LocalGateway address object.
f. For Destination, leave Any Address.
If you know the public addresses of all of your remote endpoints, you could create a
named object with those addresses and specify that object here.
g. Click Apply.
7. Decide which user group the remaining access policies should be configured in.
The TMS zl Module applies the access policies for the None user group to all users.
Therefore, you can control the remote users’ traffic with access policies configured in the
None user group. However, you might want to create access policies that apply to specific
groups. For example, the dial-in accounts might divide remote users into groups that
require different levels of access. In that case, follow these steps to select the correct user
group before configuring the remaining policies:
a. Click Close.
b. In the Firewall > Access Policies > Unicast window, for User Group, select the group to
which you assigned L2TP dial-in users.
c. Click Add a Policy.
8. Permit traffic from the remote endpoints to local endpoints:
a. For Action, leave the default, Permit Traffic.
b. For From, select External.