TMS zl Management and Configuration Guide ST.1.1.100226
Virtual Private Networks
Configure an IPsec Site-to-Site VPN with IKE
Create Named Objects for the VPN (Optional)
You might want to configure the named objects indicated in Table 7-8. (You
can, of course, configure other objects that are appropriate for your environment.)
For your reference, this table includes the location where you would
specify these named objects. However, the configuration instructions will
indicate when you actually need to specify each object. The table also includes
a reference to numbers in Figure 7-55. The number indicates the IP address
for that named object in an example network.
See “Named Objects” in Chapter 4: “Firewall” for step-by-step instructions for
configuring objects.
Table 7-8. Possible Named Objects for an IPsec Site-to-Site VPN

| Example Figure Reference | Named Object Type | Named Object Description | Location Where the Named Object is Specified |
|---|---|---|---|
| 1 | Single-entry IP address object | The TMS zl Module IP address that will be the local VPN gateway | Source or Destination for firewall access policies that permit IKE traffic |
| 2 | Single-entry IP, range, or network address objects | The IP addresses of local endpoints that are allowed to send traffic over the VPN | • Local Address in the IPsec policy traffic selector; • Source or Destination for firewall access policies that permit traffic sent across the VPN |
| 3 | Single-entry IP address object | The IP address of the remote VPN gateway | Source or Destination for firewall access policies that permit IKE traffic |
| 4 | Single-entry IP, range, or network address objects | The IP addresses of endpoints behind the remote VPN gateway | • Remote Address in the IPsec policy traffic selector; • Source or Destination for firewall access policies that permit traffic sent across the VPN |