HP TMS zl Module Security Administrator's Guide
Configuring a VPN on the HP TMS zl Module
L2TP over IPsec VPNs
For example, if you are using the Microsoft IAS wizard to create your policy,
the wizard will automatically add condition attributes that the TMS zl Module
does not send (such as the connection type [NAS-Port-Type]). After you create
the policy, edit it and delete from its conditions any attributes that the
TMS zl Module does not use.
• The policy grants authenticated users access.
• The policy defines the RADIUS attributes shown in Table 4-35 for the
connection.
Table 4-35. RADIUS Attributes Required for L2TP RADIUS Access-Accept Messages

| Attribute | Value | Additional Guidelines |
|---|---|---|
| Service-Type | Framed | |
| Filter-ID | Name of a user group on the TMS zl Module | The value must match exactly a name that you configured in “Create a User Group” on page 4-301. When a user authenticates with this policy, the firewall access policies configured for this group on the module will control the user’s access. |
| Framed-IP-Address | If each user’s account specifies an IP address (for example in AD): No setting necessary | |
| Framed-IP-Address | If the RADIUS server assigns users’ IP addresses: An exact IP address | You must create a different policy for each user. |
| Framed-IP-Address | If the TMS zl Module assigns users’ IP addresses: 255.255.255.254 | Remember to configure the range of IP addresses in the Network > Authentication > L2TP Users window. |

Note: Some implementations of Microsoft Internet Authentication Service (IAS) do
not allow you to specify the Framed-IP-Address attribute; you will not see the
attribute in the list in the Advanced tab of the policy’s dial-in profile. In this
case, you can set the other two required attributes in the Advanced tab, but
you must set the address settings (if not specified in the AD user accounts) in
the IP tab. In this tab, select either:
■ Assign a static IP address and type the specific IP address that will be
assigned to the user.
■ Server must supply an IP address
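
The following check is an added example, not part of the HP guide or any HP tool: it parses a captured RADIUS Access-Accept (RFC 2865 packet layout) and reports where it departs from Table 4-35. The function names, the group name RemoteStaff and the sample packet are constructed for illustration, and reporting a missing Framed-IP-Address as "absent" rather than as an error is an assumption.

```python
import ipaddress
import struct
# RFC 2865 numbers: Access-Accept code and the three attribute types in Table 4-35.
ACCESS_ACCEPT, SERVICE_TYPE, FRAMED_IP_ADDRESS, FILTER_ID = 2, 6, 8, 11
FRAMED = struct.pack("!I", 2)  # Service-Type value "Framed"
MODULE_ASSIGNS = ipaddress.IPv4Address("255.255.255.254")
USER_NEGOTIATES = ipaddress.IPv4Address("255.255.255.255")  # not a Table 4-35 case

def parse_attributes(packet):
    """Return {type: [raw values]} from an Access-Accept (20-byte header, then TLVs)."""
    length = len(packet)
    if length < 20 or packet[0] != ACCESS_ACCEPT or int.from_bytes(packet[2:4], "big") != length:
        raise ValueError("not a well-formed Access-Accept")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length at offset %d" % pos)
        end = pos + packet[pos + 1]
        attrs.setdefault(packet[pos], []).append(packet[pos + 2:end])
        pos = end
    return attrs

def check_accept(packet, module_groups):
    """Return (problems, addressing) for one Access-Accept, judged against Table 4-35."""
    attrs, problems = parse_attributes(packet), []
    if attrs.get(SERVICE_TYPE) != [FRAMED]:
        problems.append("Service-Type is not Framed")
    groups = [v.decode("utf-8", "replace") for v in attrs.get(FILTER_ID, [])]
    if len(groups) != 1 or groups[0] not in module_groups:  # exact, case-sensitive
        problems.append("Filter-ID %r is not exactly one module user group" % groups)
    addressing = "absent"  # assumption: reported, not flagged (no address in the packet)
    for raw in attrs.get(FRAMED_IP_ADDRESS, []):
        addr = ipaddress.IPv4Address(raw) if len(raw) == 4 else None
        if addr == MODULE_ASSIGNS:
            addressing = "module pool"  # needs the range in the L2TP Users window
        elif addr is None or addr == USER_NEGOTIATES or addr.is_unspecified:
            problems.append("Framed-IP-Address is not a usable value")
        else:
            addressing = "static " + str(addr)  # exact address for this user
    return problems, addressing

def build_accept(*attrs):
    """Constructed sample packet: zeroed authenticator, attributes as (type, value)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body

# Constructed sample; "RemoteStaff" is a hypothetical user group name on the module.
print(check_accept(build_accept((SERVICE_TYPE, FRAMED), (FILTER_ID, b"RemoteStaff"),
                                (FRAMED_IP_ADDRESS, MODULE_ASSIGNS.packed)), {"RemoteStaff"}))
```

A Filter-ID that differs from the module's group name only in case or trailing whitespace is reported, since the table requires an exact match.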