TMS zl Management and Configuration Guide ST.1.0.090213
7-77
Virtual Private Networks
IPsec VPNs
8. For Traffic Selector, configure these settings:
a. For Protocol, specify the protocol for traffic allowed over the VPN:
– Any—Any IP protocol. Select this option when you want to select all traffic between local and remote endpoints.
– TCP or UDP—Select this option in conjunction with a local port to allow remote clients to access only specific services in the local network.
– ICMP—Select this option when you want to select only ICMP traffic.
– IP Protocols—Select one of these Layer 3 protocols, which are listed by their IANA IP Protocol numbers.
Service objects and service groups will not appear in this list.
b. For Local Address, specify the IP addresses for all local endpoints to which remote users are allowed access.
Do one of the following to specify addresses:
– Typically, manually type an IP address, IP address range, or network address in CIDR format.
The local addresses should be internal addresses on your private network.
– Select a single-entry IP, range, or network address object.
An address object is not valid if you plan to configure IKE mode config.
– Select Any to permit any IP address.
Any is not valid if you plan to configure IKE mode config. In fact, you should always take care when specifying Any in a traffic selector. You could inadvertently select traffic that should not be part of the VPN and block that traffic from reaching its destination.
c. Local Port is present if you selected TCP or UDP for Protocol. Type the port number for the service to which you want to allow remote users access. Leave the box empty to allow traffic to all ports.
d. The Remote Address setting depends on whether you will use IKE mode config or not.
If you will use IKE mode config, specify the same addresses that you will configure for the IKE mode config pool:
– Manually type an IP address, IP address range, or network address in CIDR format.
– Select a single-entry IP, range, or network address object.
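As an added example (not from the TMS zl guide or its software), the following Python models how the Protocol, Local Address, Local Port and Remote Address settings of a traffic selector decide which packets enter the tunnel, and shows the over-selection the guide warns about when Any is used. The selector names, addresses, ports and sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Union

# IANA IP protocol numbers for the named choices in the Protocol list.
PROTO = {"TCP": 6, "UDP": 17, "ICMP": 1}
ANY = "Any"  # stands in for the guide's "Any" choice (constructed sentinel)

@dataclass
class TrafficSelector:
    protocol: Union[str, int]   # ANY, "TCP"/"UDP"/"ICMP", or an IANA number
    local: str                  # single IP, "lo-hi" range, CIDR network, or ANY
    local_port: Optional[int]   # TCP/UDP only; None means all ports
    remote: str                 # same forms as local

def _addr_match(spec: str, addr: str) -> bool:
    """Match one IP against a single IP, an address range, a CIDR network, or ANY."""
    if spec == ANY:
        return True
    ip = ipaddress.ip_address(addr)
    if "-" in spec:                      # "192.168.10.1-192.168.10.50" style range
        lo, hi = (ipaddress.ip_address(x.strip()) for x in spec.split("-", 1))
        return lo <= ip <= hi
    return ip in ipaddress.ip_network(spec, strict=False)

def selects(ts: TrafficSelector, proto: int, local_ip: str,
            local_port: int, remote_ip: str) -> bool:
    """True if the selector would steer this packet into the IPsec tunnel."""
    want = PROTO.get(ts.protocol, ts.protocol)
    if want != ANY and want != proto:
        return False
    if want in (6, 17) and ts.local_port is not None and ts.local_port != local_port:
        return False
    return _addr_match(ts.local, local_ip) and _addr_match(ts.remote, remote_ip)

def overselected(narrow: TrafficSelector, broad: TrafficSelector, packets):
    """Packets the broad selector pulls into the VPN that the narrow one leaves alone."""
    return [p for p in packets if selects(broad, *p) and not selects(narrow, *p)]

# Constructed sample: remote client pool 10.99.0.0/24 should reach only HTTPS on
# the internal server 192.168.10.5. BROAD uses Any for Protocol and Local Address.
NARROW = TrafficSelector("TCP", "192.168.10.5", 443, "10.99.0.0/24")
BROAD = TrafficSelector(ANY, ANY, None, "10.99.0.0/24")
SAMPLE_PACKETS = [                       # (proto, local_ip, local_port, remote_ip)
    (6, "192.168.10.5", 443, "10.99.0.7"),    # intended HTTPS traffic
    (6, "192.168.10.5", 22, "10.99.0.7"),     # SSH to the same host, not intended
    (17, "192.168.20.9", 53, "10.99.0.7"),    # DNS to a different internal host
    (6, "192.168.10.5", 443, "203.0.113.4"),  # remote outside the pool
]
```

Calling `overselected(NARROW, BROAD, SAMPLE_PACKETS)` returns the SSH and DNS packets: traffic the Any selector would force into the VPN even though only HTTPS to one host was meant to be protected.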