HP TMS zl Module Security Administrator's Guide

Configuring a VPN on the HP TMS zl Module
L2TP over IPsec VPNs
This setting allows the TMS zl Module to assign IP addresses to users from the
range configured in the TMS-Network > Authentication > L2TP Addresses window.
Create Access Policies for an L2TP over IPsec VPN
To permit VPN traffic, you must create firewall access policies on each TMS
zl Module that supports an L2TP over IPsec VPN.
Before you begin configuring firewall access policies, determine the zone on
which traffic from the remote endpoints arrives. This is the zone associated
with the TMS VLAN on which the local VPN gateway address is configured. Often,
this is the External zone, but it could be another zone.
After the remote endpoints have received virtual IP addresses, their traffic is
considered to have originated in the External zone.
You should also determine the zone for local endpoints allowed on the VPN.
This might be the Internal zone or another zone.
Figure 4-236 shows these zones in the example figure for an L2TP over IPsec
VPN.