HP TMS zl Module Security Administrator's Guide

4-301
Configuring a VPN on the HP TMS zl Module
L2TP over IPsec VPNs
Configure L2TP Authentication to an External RADIUS Server
When authenticating users to an external RADIUS server, you must:
1. Create user groups.
   See “Create a User Group” on page 4-301.
2. Specify a RADIUS server for the TMS zl Module to use (if you have not already done so).
   See “Specify a RADIUS Server” on page 4-307.
3. Configure RADIUS authentication for L2TP.
   See “Configure RADIUS Authentication for L2TP” on page 4-311.
4. Set up the external RADIUS server to work with the TMS zl Module.
   See “Set Up a RADIUS Server to Work with the TMS zl Module” on page 4-317.
Create a User Group. When the RADIUS server authenticates an L2TP
user, it can send the name of a group to the TMS zl Module (in the Filter-ID
attribute). If you have configured that same group on the module, the module
will then apply the firewall access policies associated with that group to that
user. Assigning L2TP users to groups is best practice because L2TP users are
placed in the External zone; generally you do not want to create policies that
allow unauthenticated devices in the External zone to access your private
services.
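The Filter-ID hand-off described above, as an added Python example (not HP's code and not part of the guide): it verifies the Access-Accept's Response Authenticator as defined in RFC 2865, then reads Filter-Id (attribute type 11) and matches it against the locally configured groups. The group names, shared secret and exact-match rule are assumptions; the guide does not say how the module treats a name it does not recognize, so the function returns None in that case.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2   # RFC 2865 packet code
FILTER_ID = 11      # RFC 2865 attribute type for Filter-Id

def build_accept(ident, request_auth, secret, attrs):
    """Build a constructed Access-Accept, used only as sample input."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    head = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(body))
    auth = hashlib.md5(head + request_auth + body + secret).digest()
    return head + auth + body

def group_from_accept(packet, request_auth, secret, configured_groups):
    """Return the configured group named in Filter-Id, or None if no match."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    packet = packet[:length]          # octets past Length are padding
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("response authenticator mismatch")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute length")
        if atype == FILTER_ID:
            name = packet[pos + 2:pos + alen].decode("utf-8", "replace")
            if name in configured_groups:   # assumption: exact, case-sensitive match
                return name
        pos += alen
    return None

if __name__ == "__main__":
    secret, req_auth = b"constructed-secret", bytes(range(16))   # constructed values
    groups = {"remote-sales", "remote-admin"}                    # hypothetical group names
    pkt = build_accept(7, req_auth, secret, [(FILTER_ID, b"remote-sales")])
    print(group_from_accept(pkt, req_auth, secret, groups))
```

A Filter-Id value that was altered in transit fails the authenticator check before any group lookup happens, so a policy group is never selected from an unauthenticated reply.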
This section includes the basic steps for setting up a user group. You will create
access policies for those groups a bit later.
1. It is important that you are at the correct level in the navigation tree when you launch the Manage IPsec wizard:
   - To configure one TMS zl Module, select the module in the navigation tree.
   - If you want to configure multiple modules, select the TMS zl folder.
2. Launch the Manage Users wizard in one of two ways:
   - Right-click the folder or device name in the navigation tree and select TMS - Network > Manage Users.
   - In the main configuration window, click TMS - Network. Then click the Manage Users Wizard icon.