TMS zl Management and Configuration Guide ST.1.0.090213

7-172
Virtual Private Networks
Configure the VPN Client
Configure a Windows XP SP2 Client for L2TP over IPsec
This section includes step-by-step instructions for configuring a Windows XP
SP2 client to establish an L2TP over IPsec connection to the TMS zl Module.
You have two options for configuring the client:
Use the New Connection Wizard and its default IPsec policies.
Using the default policies is the easiest way to set up the connection.
However, on the TMS zl Module, you must take care to configure protocols,
algorithms, and SA lifetime security settings that match the XP
client’s default proposals. Fortunately, the default TMS zl Module security
settings work with one exception—you must change the DH group in the
IKE policy to Group 2 instead of Group 1 when you use the other default
settings.
Table 7-7 on page 7-98 and Table 7-8 on page 7-98 show a variety of options
for the security settings.
For this method, see “Configuration with the New Connection Wizard” on
page 7-172.
Set up IPsec policies manually.
Manually configuring the policies allows you to control the exact security
settings for your environment. This method is recommended only for
expert users. For this method, see “Manual Windows XP Client
Configuration” on page 7-187.
In either case, for the configuration to work, you must configure L2TP over
IPsec settings on the module as described in “Configuring L2TP over IPsec”
on page 7-96. See “TMS zl Module Settings for an L2TP over IPsec Connection
to a Client Set Up with the Wizard” on page 7-183 for a table that shows all
necessary settings.
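
The matching requirement described above, shown as an added example that is not part of the original guide: a small check that compares a module IKE policy against a client's proposals and reports which setting blocks the match. Only the DH group values (Group 1 versus Group 2) come from this page; the algorithm names, the lifetime and all identifiers are constructed placeholders, not the actual Windows XP or TMS zl defaults.

```python
from dataclasses import dataclass, fields


@dataclass(frozen=True)
class IkeProposal:
    encryption: str
    hash_alg: str
    dh_group: int
    lifetime_s: int


def mismatches(module, client):
    """Return {setting: (module_value, client_value)} for each differing setting."""
    return {
        f.name: (getattr(module, f.name), getattr(client, f.name))
        for f in fields(module)
        if getattr(module, f.name) != getattr(client, f.name)
    }


def select_proposal(module, client_proposals):
    """Return the first client proposal that matches the module policy, or None."""
    for proposal in client_proposals:
        if not mismatches(module, proposal):
            return proposal
    return None


def diagnose(module, client_proposals):
    """If nothing matches, return the differences for the closest proposal."""
    if select_proposal(module, client_proposals) is not None:
        return {}
    return min((mismatches(module, p) for p in client_proposals),
               key=len, default={})


# Constructed sample values (assumptions, not taken from the guide's tables).
CLIENT = [
    IkeProposal("3des", "sha1", 2, 28800),
    IkeProposal("3des", "md5", 2, 28800),
]
MODULE_DEFAULT = IkeProposal("3des", "sha1", 1, 28800)  # DH Group 1
MODULE_FIXED = IkeProposal("3des", "sha1", 2, 28800)    # DH Group 2

if __name__ == "__main__":
    print("default policy:", diagnose(MODULE_DEFAULT, CLIENT))
    print("after DH change:", select_proposal(MODULE_FIXED, CLIENT))
```
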
Configuration with the New Connection Wizard
Before you configure the VPN connection, make sure to uninstall the HP
ProCurve VPN client or any other third-party VPN client; these clients can
interfere with the Windows XP client.
Follow these steps to configure the Windows XP SP2 client:
1. On the Windows XP client, open the Network Connections window.
2. Click New Connection Wizard.
3. The wizard is launched. Click Next.
4. Select Connect to the network at my workplace.