TMS zl Management and Configuration Guide ST.1.0.090213
7-98
Virtual Private Networks
Layer 2 Tunneling Protocol (L2TP) over IPsec
Table 7-7. IKE Security Settings Proposed by Windows XP Clients
3. If you selected a DSA or RSA signature for the authentication method in
the IKE policy, install certificates.
See “Install Certificates for IKE” on page 7-37.
4. Create an IPsec proposal.
See “Create an IPsec Proposal” on page 7-53 and follow these guidelines:
• Set the encapsulation mode to transport.
• Match the protocol and algorithms to one of the default proposals
sent by Windows XP clients shown in Table 7-8.
Table 7-8. IPsec Security Settings Proposed by Windows XP Clients
5. Create an IPsec policy for the L2TP traffic.
See “Create an IPsec Policy for a Client-to-Site IPsec VPN” on page 7-73
and follow these guidelines:
• Set the Action to Apply.
• Use these settings for the traffic selector:
– Protocol = UDP
– Local Address = The IP address configured as the local gateway in
the IKE policy
– Local Port = 1701
– Remote Address = Any
– Remote Port = 1701
Table 7-7:
Proposal  Encryption Algorithm  Authentication Algorithm  Diffie-Hellman Group  SA Lifetime in Seconds
1         3DES                  SHA-1                     2                     28800
2         3DES                  MD5                       2                     28800
3         DES                   SHA-1                     1                     28800
4         DES                   MD5                       1                     28800

Table 7-8:
Proposal  Protocol  Encryption Algorithm  Authentication Algorithm
1         ESP       3DES                  SHA-1
2         ESP       3DES                  MD5
3         ESP       DES                   SHA-1
4         ESP       DES                   MD5
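
The following Python check is an added example, not part of the guide and not TMS zl code: it compares a gateway configuration against steps 4 and 5 and against Tables 7-7 and 7-8, and also notes when a single-DES row is selected. The dict layout, function names and sample addresses are assumptions made for the illustration.

```python
# Added example; offer lists copied from Tables 7-7 and 7-8, in offer order.
XP_IKE = [("3DES", "SHA-1", 2), ("3DES", "MD5", 2), ("DES", "SHA-1", 1), ("DES", "MD5", 1)]
XP_IPSEC = [("ESP", "3DES", "SHA-1"), ("ESP", "3DES", "MD5"),
            ("ESP", "DES", "SHA-1"), ("ESP", "DES", "MD5")]
L2TP_PORT = 1701


def offer_number(offers, proposal):
    """1-based row number of the client offer equal to `proposal`, or None."""
    return offers.index(proposal) + 1 if proposal in offers else None


def check_l2tp_ipsec(cfg):
    """Return findings: mismatches with steps 4-5 and the tables, plus DES notes.

    `cfg` is a dict layout invented for this example, not a TMS zl format.
    The SA lifetime column of Table 7-7 is not compared.
    """
    findings = []
    ike, ipsec, policy = cfg["ike"], cfg["ipsec"], cfg["policy"]
    ike_n = offer_number(XP_IKE, (ike["enc"], ike["auth"], ike["dh_group"]))
    esp_n = offer_number(XP_IPSEC, (ipsec["protocol"], ipsec["enc"], ipsec["auth"]))
    for name, table, n in (("IKE", "7-7", ike_n), ("IPsec", "7-8", esp_n)):
        if n is None:
            findings.append(f"{name} proposal matches no row of Table {table}")
        elif n >= 3:  # rows 3 and 4 of both tables use single DES
            findings.append(f"{name} proposal {n} uses DES; prefer row 1 or 2")
    if ipsec["mode"] != "transport":
        findings.append("encapsulation mode must be transport")
    expected = {"action": "Apply", "protocol": "UDP",
                "local_addr": ike["local_gateway"], "local_port": L2TP_PORT,
                "remote_addr": "Any", "remote_port": L2TP_PORT}
    for key, want in expected.items():
        if policy.get(key) != want:
            findings.append(f"policy {key} is {policy.get(key)!r}, expected {want!r}")
    return findings


# Constructed sample configurations (192.0.2.1 is a documentation address).
GOOD = {"ike": {"enc": "3DES", "auth": "SHA-1", "dh_group": 2, "local_gateway": "192.0.2.1"},
        "ipsec": {"protocol": "ESP", "enc": "3DES", "auth": "SHA-1", "mode": "transport"},
        "policy": {"action": "Apply", "protocol": "UDP", "local_addr": "192.0.2.1",
                   "local_port": 1701, "remote_addr": "Any", "remote_port": 1701}}
BAD = {"ike": {"enc": "AES-128", "auth": "SHA-1", "dh_group": 2, "local_gateway": "192.0.2.1"},
       "ipsec": {"protocol": "ESP", "enc": "DES", "auth": "MD5", "mode": "tunnel"},
       "policy": {"action": "Apply", "protocol": "UDP", "local_addr": "192.0.2.1",
                  "local_port": 1701, "remote_addr": "Any", "remote_port": 500}}

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_l2tp_ipsec(cfg) or "ok")
```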