TMS zl Management and Configuration Guide ST.1.1.100226
7-8
Virtual Private Networks
IPsec Concepts
IPsec, which supports a variety of industry-standard authentication and
encryption protocols, is a flexible, highly secure method of establishing a VPN.
The TMS zl Module can act as the gateway device for the IPsec VPN—that is,
the tunnel endpoint. The other end of the tunnel can be another VPN gateway
(in a site-to-site VPN) or a remote endpoint (in a client-to-site VPN).
An IPsec VPN is created with one or more elements of the IPsec protocol suite:
■ Authentication Header (AH)
■ Encapsulating Security Payload (ESP)
■ Internet Key Exchange (IKE)
This section describes how these protocols interact to establish the secure
tunnel, or security association (SA). An in-depth understanding of IPsec will
help you to configure your VPN correctly.
| Remote VPN Gateway or Clients | VPN Type | Configuration Instructions for the TMS zl Module | Configuration Instructions for the Remote Client or Gateway |
|---|---|---|---|
| TMS zl Module | IPsec with IKEv1 site-to-site VPN | “Configure an IPsec Site-to-Site VPN with IKE” on page 7-76 | |
| | IPsec with manual keying site-to-site VPN (*Not generally recommended) | “Configure an IPsec Site-to-Site VPN with Manual Keying” on page 7-122 | |
| | GRE tunnel (*Not recommended when high security is required) | “Configure a GRE Tunnel” on page 7-187 | |
| | GRE over IPsec VPN with IKEv1 | “Configure a GRE over IPsec VPN with IKE” on page 7-208 | |
| | GRE over IPsec VPN with manual keying (*Not generally recommended) | “Configure a GRE over IPsec VPN with Manual Keying” on page 7-265 | |