HP TMS zl Module Security Administrator's Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

431

432

433

434

435

436

437

438

439

440

4-255

Configuring a VPN on the HP TMS zl Module

L2TP over IPsec VPNs

See Chapter 6: “Configuring the TMS zl Module Firewall” for step-by-step

instructions for configuring objects.

Table 4-29. Possible Named Objects for L2TP over IPsec VPNs

Figure 4-172. Example L2TP over IPsec VPN

Figure

Reference

Named Object Type Named Object Description Location Where the Named Object

is Specified

1 Single-entry IP address object The TMS zl Module’s IP address

that will be the local VPN gateway

• Source or Destination for

firewall access policies that

permit IKE and L2TP traffic

• Local Address in the IPsec

policy traffic selector

2 Single-entry or multiple-entry IP,

range, or network address object

The IP addresses of local

endpoints that remote endpoints

will be allowed to access

Source or Destination for firewall

access policies that permit traffic

sent across the VPN

3 Single-entry or multiple-entry IP,

range, or network address object

The actual IP addresses of remote

VPN clients

Source or Destination for firewall

access policies that permit IKE and

L2TP traffic

4 Single-entry or multiple-entry IP,

range, or network address objects

The virtual IP addresses assigned

to remote VPN clients (by the TMS

zl Module or by an external

RADIUS server)

Source or Destination for firewall

access policies that permit traffic

sent across the VPN