TMS zl Management and Configuration Guide ST.1.1.100226

Virtual Private Networks
Configure an IPsec Client-to-Site VPN
f. For Destination, accept the default, Any Address.
If you know the public addresses of all of your remote endpoints and
have created a named object with those addresses, you can specify
that object here. However, allowing any IP address is the easiest way
to set up the VPN.
g. Optionally, select the Enable logging on this Policy check box if you
want to view log messages for this policy.
Note: It is not recommended that you enable logging permanently because
policy logging is processor-intensive. Use policy logging for
troubleshooting and testing only.
h. Click Apply.
5. If you do not enforce XAUTH, move directly to step 6. However, if the
remote users authenticate with XAUTH, you must consider the user group
in which you want to configure the remaining access policies.
The TMS zl Module applies the access policies for the None user group to
all users. Therefore, you can configure access policies to control the
remote users’ traffic from the None user group. However, you might want
to create access policies that apply to specific groups. For example, you
might use XAUTH to divide remote users into groups that require different
levels of access. In that case, follow these steps to select the correct user
group before configuring the remaining policies:
a. Click Close.
b. For User Group, select the group in which the remote users’ credentials
are configured.
c. Click Add a Policy.
d. Continue to the next step to configure a policy to permit traffic from
these users.
6. Permit traffic from the remote endpoints to local endpoints:
a. For Action, leave the default, Permit Traffic.
b. For From, select the IKE mode config zone.
Note: If you did not use IKE mode config, select the remote zone. In this
case, be very careful to limit the policy only to the correct remote
endpoints.
c. For To, select the local zone.