HP TMS zl Module Security Administrator's Guide

4-254
Configuring a VPN on the HP TMS zl Module
L2TP over IPsec VPNs
Only one IKE policy on each TMS zl Module can specify the client-to-site
type, main mode, and preshared keys. Therefore, if you are using preshared
key authentication, you must configure a single policy that is valid
for all of your remote L2TP users.
See “Create an IKE Policy for an L2TP over IPsec VPN” on page 4-256.
3. Create an IPsec proposal.
See “Create an IPsec Proposal for an L2TP over IPsec VPN” on page 4-269.
4. Create an IPsec policy for the L2TP traffic.
See “Create an IPsec Policy for an L2TP over IPsec VPN” on page 4-276.
5. Configure L2TP user authentication.
You must configure the TMS zl Module or modules to authenticate L2TP
users locally or to an external RADIUS server. See “L2TP User
Authentication” on page 4-286.
6. Configure firewall access policies.
See “Create Access Policies for an L2TP over IPsec VPN” on page 4-319.
7. Check routes and, if necessary, add routes.
See “Verify Routes for the L2TP over IPsec VPN” on page 4-322.
8. Configure global IPsec settings (optional).
See “Configure Global IPsec Settings” on page 4-429.
9. Configure the clients with compatible settings.
Refer to your clients’ documentation. (The HP Threat Management
Services zl Module Management and Configuration Guide also gives some
guidelines and example configurations.)
Create Named Objects for the VPN (Optional)
You might want to configure the named objects indicated in Table 4-29.
For your reference, this table includes the location where you would specify
these named objects. However, configuration instructions will indicate when
you actually need to specify each object. The table also includes a reference
to numbers in Figure 4-172. The number indicates the IP address for that
named object in an example network.
If you are configuring multiple modules, remember to configure the
appropriate objects on each module.