TMS zl Management and Configuration Guide ST.1.0.090213
7-68
Virtual Private Networks
IPsec VPNs
– Manually type an IP address (for an L2TP over IPsec VPN, type
the IP address of the local VPN gateway), IP address range, or
network address in CIDR format (192.168.1.1/24).
Note: Typically, the local addresses are internal addresses on your private
network, while the local gateway address (which you configured in
the IKE policy) is the TMS zl Module’s public or external address. If,
however, the set of local addresses that you specify here includes
the local gateway address, you must create a Bypass policy to exclude
IKE traffic to and from the module from the VPN. Otherwise, the VPN
cannot be established.
See “Configure Bypass and Ignore IPsec Policies” on page 7-84.
c. Local Port is present if you selected TCP or UDP for Protocol. Type a
specific port for the service to which remote clients are allowed
access or leave the field blank (which allows traffic to any port).
d. For Remote Address, specify the IP addresses of all remote endpoints
allowed to send and receive traffic over the VPN.
Do one of the following to specify addresses:
– Select Any to permit any IP address.
– Select a single-entry IP, range, or network address object.
– Manually type an IP address, IP address range, or network
address in CIDR format.
e. Remote Port is present if you selected TCP or UDP for Protocol. Type the
port number for the service that you want to allow local endpoints to
access in the remote network, or leave the field blank (which allows
traffic to any port).
f. If you selected ICMP for the protocol, for ICMP Type, select Any, Echo,
or Timestamp.
9. For Proposal, select a previously configured IPsec proposal.
The IPsec proposal specifies the IPsec mode, IPsec protocol, and the
authentication and encryption algorithms that secure the VPN connection.
See “Create an IPsec Proposal” on page 7-53.
10. Click Next.
11. For Key Exchange Method, select Manual.
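The Note on local addresses earlier in this procedure says a Bypass policy is required when the local addresses include the local gateway address. The following added example (not from the guide or the product) checks that address condition before you commit a policy; the `start-end` range syntax, the function names, and the sample addresses are assumptions constructed for illustration, and only IPv4 is handled.

```python
import ipaddress

def parse_selector(text):
    """Return the (first, last) IPv4 addresses covered by a selector string.

    Accepts "Any", a single IP, a CIDR entry (host bits allowed, as in the
    guide's 192.168.1.1/24), or a range written "start-end" (assumed syntax).
    """
    text = text.strip()
    if text.lower() == "any":
        return (ipaddress.IPv4Address("0.0.0.0"),
                ipaddress.IPv4Address("255.255.255.255"))
    if "-" in text:
        start, end = (ipaddress.IPv4Address(p.strip())
                      for p in text.split("-", 1))
        if start > end:
            raise ValueError(f"range start is after range end: {text}")
        return start, end
    if "/" in text:
        # strict=False accepts an address with host bits set, e.g. .1/24
        net = ipaddress.IPv4Network(text, strict=False)
        return net.network_address, net.broadcast_address
    addr = ipaddress.IPv4Address(text)
    return addr, addr

def needs_bypass_policy(local_selector, local_gateway):
    """True if the local address set includes the local gateway address,
    the condition under which the Note requires a Bypass policy for IKE."""
    first, last = parse_selector(local_selector)
    return first <= ipaddress.IPv4Address(local_gateway) <= last

if __name__ == "__main__":
    # Constructed sample policies: (local address entry, local gateway)
    samples = [
        ("192.168.1.1/24", "203.0.113.10"),      # gateway outside the set
        ("192.168.1.1/24", "192.168.1.254"),     # gateway inside the CIDR
        ("10.1.1.10-10.1.1.20", "10.1.1.15"),    # gateway inside the range
    ]
    for selector, gateway in samples:
        verdict = ("Bypass policy required"
                   if needs_bypass_policy(selector, gateway)
                   else "no Bypass policy needed")
        print(f"{selector:22} gateway {gateway:15} -> {verdict}")
```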