HP TMS zl Module Security Administrator's Guide

Configuring a VPN on the HP TMS zl Module
L2TP over IPsec VPNs
If you need to change any settings, click Back until you reach the appropriate window and can select a different setting.
When you are ready to apply the configuration, click Next in the Summary
of Changes window.
11. A window is displayed, showing the settings being applied to the TMS zl
Module. When you see that they have been applied successfully, click
Close.
Set Up a RADIUS Server to Work with the TMS zl Module. This section
provides guidelines for setting up a RADIUS server so that it can provide
L2TP authentication for your TMS zl Module or modules. You should refer to
your server’s documentation for precise instructions.
You must complete the following on your RADIUS server:

- Add each TMS zl Module as a client. Set the shared secret to the same
  string that you configured on the module when you specified this RADIUS
  server.
- Create one or more policies on the RADIUS server to authenticate L2TP
  clients. Each policy must meet these criteria:
  - The policy selects requests sent from the TMS zl Module.
    Table 4-34 shows the attributes that the module includes for
    L2TP-related requests. You can use these attributes to ensure that the
    request is matched to the proper policy. For example, you could create
    policies that select requests from the L2TP users’ actual IP addresses.
    Or a policy could select requests from users in a specific group.
Table 4-34. RADIUS Attributes Sent in L2TP RADIUS Request

Attribute            Value
-------------------  ----------------------------------------------------------
Username             L2TP user’s username
Password             L2TP user’s password
Calling-Station-ID   L2TP user’s actual IP address
NAS-Identifier       NAS Identifier configured for the module when you specified the RADIUS server
NAS-IP-Address       Module IP address on the TMS VLAN that connects to the RADIUS server

Note: The RADIUS policy used to authenticate L2TP users must not use other
attributes as conditions, or the authentication requests will not be selected.
(You can specify a user group as a condition, because this corresponds to
the Username attribute.)
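
The following is an added example, not taken from the HP guide or from any HP code. It builds an Access-Request carrying the five Table 4-34 attributes and parses it the way a RADIUS server would, to show why the shared secret on the server must match the one on the module. It assumes the password is sent as a PAP User-Password attribute hidden per RFC 2865; the function names and sample values are constructed for illustration.

```python
import hashlib
import socket
import struct

# RFC 2865 type codes for the Table 4-34 attributes. Assumption: the password
# travels as a PAP User-Password attribute (the page does not name the method).
USER_NAME, USER_PASSWORD, NAS_IP, CALLING_ID, NAS_ID = 1, 2, 4, 31, 32

def _xor_blocks(data, secret, auth, decrypt):
    # RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous
    # ciphertext block); the first block uses the Request Authenticator.
    out, prev = b"", auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        res = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        prev = block if decrypt else res
        out += res
    return out

def hide_password(password, secret, auth):
    size = max(16, (len(password) + 15) // 16 * 16)  # pad to a 16-byte multiple
    return _xor_blocks(password.ljust(size, b"\0"), secret, auth, False)

def build_access_request(ident, auth, secret, user, password, client_ip, nas_id, nas_ip):
    hidden = hide_password(password, secret, auth)
    attrs = [(USER_NAME, user), (USER_PASSWORD, hidden), (CALLING_ID, client_ip),
             (NAS_ID, nas_id), (NAS_IP, socket.inet_aton(nas_ip))]
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + auth + body

def parse_access_request(packet, secret):  # server side, using the server's secret
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    auth, pos, attrs = packet[4:20], 20, {}
    while pos < length:
        if pos + 2 > length or not 2 <= packet[pos + 1] <= length - pos:
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    clear = _xor_blocks(attrs[USER_PASSWORD], secret, auth, True)
    attrs[USER_PASSWORD] = clear.rstrip(b"\0")
    return attrs

if __name__ == "__main__":  # constructed sample values, not from the page
    pkt = build_access_request(1, bytes(16), b"module-secret", b"alice", b"pw",
                               b"203.0.113.25", b"tms-zl-1", "10.1.10.5")
    for secret in (b"module-secret", b"typo-secret"):
        print(secret, parse_access_request(pkt, secret)[USER_PASSWORD])
```

With a mismatched secret the other attributes still parse, so the request can reach a policy, but the recovered password is garbage and the login is rejected.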