TMS zl Management and Configuration Guide ST.1.0.090213
7-24
Virtual Private Networks
IPsec VPNs
6. For Local Gateway, specify an IP address on this module. You have two
options:
•Select IP Address and type the IP address in the box.
The IP address must be an IP address configured on the TMS zl
Module. Type an address that the remote gateway can reach.
•Select Use VLAN IP Address and select a VLAN from the list.
Select the VLAN on which the remote gateway reaches the TMS zl
Module.
Note You must configure firewall access policies to allow the TMS zl Module
to send IKE messages to the remote gateway. See “Access Policies for an
IPsec Site-to-Site VPN with IKE” on page 7-112.
7. For Remote Gateway, specify the IP address or fully qualified domain name
(FQDN) of the remote gateway:
•Select IP Address (Peer ID) and type the IP address in the box.
You must type the IP address that the remote gateway specifies for
its local IP address. Use the IP address at which the TMS zl Module
can reach the remote gateway (typically, a public IP address).
•Select Name and type the FQDN in the box.
The TMS zl Module must be able to resolve the FQDN to the remote
gateway’s accessible IP address. (Make sure that you have configured
a DNS server.)
Note You must configure firewall access policies to allow the IKE messages
from the remote gateway. See “Access Policies for an IPsec Site-to-Site
VPN with IKE” on page 7-112.
8. For Local ID, configure the ID that the TMS zl Module sends to authenticate
itself. This ID must match exactly, in both type and value, the remote ID
specified on the remote endpoint. For more information about ID types,
see “IKE Phase 1” on page 7-9.
a. For Type , select the ID type:
– IP Address
– Domain Name
– Email Address
– Distinguished Name
b. For Value, type the correct value.
If you select IP Address for Type , the address that you specify in the Value
box must match the IP address that you specified for the local gateway.