HP TMS zl Module Security Administrator's Guide
Configuring a VPN on the HP TMS zl Module
L2TP over IPsec VPNs
Configure an L2TP over IPsec Client-to-Site VPN
To create policies that are valid for an L2TP over IPsec VPN, you must select
some settings that the Deploy IPsec Remote-Access VPN wizard does not
allow. Therefore, you will use the Manage IPsec wizard to create IKEv1
policies, IPsec proposals, and IPsec policies for this type of VPN.
Using NIM and the Manage IPsec wizard, you can even configure a set of
similar L2TP over IPsec VPNs between multiple TMS zl Modules and remote
clients. When you use the Manage IPsec wizard to create VPN policies on
multiple modules at once, it configures the same settings for most parameters
on each module. However, you can configure individual settings for a few parameters.
Note that you must configure the IPsec policy individually for each module.
Table 4-28. IKE and IPsec Parameters in the Manage IPsec Wizard
Policy or Proposal  Parameter                    Module-Specific or Same for Every Selected Module
IKEv1 policy        IKEv1 Policy Name            Same
                    Policy Type                  Same
                    Local Gateway                Module specific
                    Local ID Type and Value      Module specific
                    Remote ID Type and Value     Module specific
                    Key Exchange Mode            Same
                    Authentication Method        Same
                    Diffie-Hellman (DH) Group    Same
                    Encryption Algorithm         Same
                    Authentication Algorithm     Same
                    SA Lifetime in Seconds       Same
                    XAUTH Configuration          Same
IPsec Proposal      Proposal Name                Same
                    Encapsulation Mode           Same
                    Security Protocol            Same
                    Encryption Algorithm         Same
                    Authentication Algorithm     Same
Whether you are configuring one module or multiple modules, complete these
tasks to establish the L2TP over IPsec client-to-site VPN:
1. Create named objects (optional).
2. Create a client-to-site IKE policy.