TMS zl Management and Configuration Guide ST.1.1.100226

7-6
Virtual Private Networks
Introduction
The Threat Management Services (TMS) zl Module supports virtual private
networks (VPNs), which are tunnels that connect two trusted endpoints
through an untrusted network. The tunnel typically provides data integrity and
data privacy for traffic transmitted over the tunnel.
The TMS zl Module supports these options for VPNs:
– IP security (IPsec):
    – Client-to-site VPNs with Internet Key Exchange (IKE) version 1
    – Site-to-site VPNs:
        – With IKE v1
        – With manual keying
– L2TP and L2TP over IPsec—client-to-site VPNs
– Generic Routing Encapsulation (GRE) tunneling—site-to-site VPNs
– GRE over IPsec—GRE does not offer robust security on its own. GRE over IPsec is a secure tunnel.
The module can support up to 4800 concurrent VPN connections.
If you know which type of VPN you want to configure, see Table 7-1 for the
page at which the configuration instructions begin. (The table also indicates
where you can find general background information on the technologies
involved.)
Table 7-1. VPN Configuration Instructions
| VPN Type | Configuration Instructions | Concepts |
|---|---|---|
| Client-to-site—IPsec with IKE v1 | “Configure an IPsec Client-to-Site VPN” on page 7-27 | “IPsec Concepts” on page 7-8 |
| Site-to-site—IPsec with IKE v1 | “Configure an IPsec Site-to-Site VPN with IKE” on page 7-76 | “IPsec Concepts” on page 7-8 |
| Site-to-site—IPsec with manual keying | “Configure an IPsec Site-to-Site VPN with Manual Keying” on page 7-122 | “IPsec Concepts” on page 7-8 |
| Client-to-site—L2TP over IPsec | “Configure an L2TP over IPsec VPN” on page 7-142 | “IPsec Concepts” on page 7-8; “Layer 2 Tunneling Protocol (L2TP) over IPsec Concepts” on page 7-141 |
| Site-to-site—GRE tunnel | “Configure a GRE Tunnel” on page 7-187 | “Generic Routing Encapsulation (GRE) Concepts” on page 7-183 |