TMS zl Management and Configuration Guide ST.1.1.100226
Virtual Private Networks
Configure an IPsec Site-to-Site VPN with Manual Keying
Note: The value for TCP MSS in the table is only a suggestion. You should determine the best MSS for your environment.
Table 7-12. Checklist for Access Policies for an IPsec Site-to-Site VPN That Uses
Manual Keying
Exact steps for configuring these policies are given below:
1. In the left navigation bar of the Web browser interface, click Firewall > Access Policies.
2. Click the Unicast tab.
3. Click Add a Policy.
4. Permit traffic from the local endpoints to the remote endpoints:
   a. For Action, leave the default, Permit Traffic.
   b. For From, select the local zone.
   c. For To, select the remote zone.
   d. For Service, leave Any Service.
      This is the most basic configuration. You could also create access policies that permit only certain services.
   e. For Source, specify the local IP addresses allowed to send traffic on the VPN.
      In the most basic setup, these are the same IP addresses configured as local addresses in the IPsec traffic selector. You can specify the addresses manually or select a previously configured address object.
   f. For Destination, specify the remote IP addresses which the local users are allowed to access.
      In the most basic setup, these are the same IP addresses configured as remote addresses in the IPsec traffic selector. You can specify the addresses manually or select a previously configured address object.
When Required  From Zone  To Zone  Service         Source  Destination  TCP MSS  Number of policies
Always         Remote     Local    Any you choose  4       2            1356     As many as you choose
Always         Local      Remote   Any you choose  2       4            1356     As many as you choose
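
The note above leaves the TCP MSS value to you. As an added example (not taken from this guide), the following Python code computes the largest MSS whose ESP tunnel-mode packet still fits a given path MTU, and checks the suggested 1356 against it. The transform sizes (AES-CBC or 3DES-CBC with HMAC-SHA1-96), IPv4 headers without options, and all function names are assumptions; substitute the values for the algorithms in your manual-keying IPsec policy.

```python
# Added example: estimate the TCP MSS limit for an ESP tunnel-mode SA.
# All transform sizes below are assumptions, not values from the guide.
from dataclasses import dataclass

OUTER_IP = 20      # outer IPv4 header, no options
ESP_HEADER = 8     # SPI (4 bytes) + sequence number (4 bytes)
ESP_TRAILER = 2    # pad-length byte + next-header byte
INNER_IP_TCP = 40  # inner IPv4 (20) + TCP (20), no options


@dataclass(frozen=True)
class Transform:
    name: str
    block: int  # cipher block size; encrypted data is padded to a multiple
    iv: int     # per-packet IV carried in clear after the ESP header
    icv: int    # truncated integrity check value appended to the packet


AES_CBC_SHA1 = Transform("AES-CBC + HMAC-SHA1-96", block=16, iv=16, icv=12)
TDES_CBC_SHA1 = Transform("3DES-CBC + HMAC-SHA1-96", block=8, iv=8, icv=12)


def wire_size(mss: int, t: Transform) -> int:
    """Size of the outer packet carrying one full-MSS TCP segment."""
    plaintext = mss + INNER_IP_TCP + ESP_TRAILER
    padded = -(-plaintext // t.block) * t.block  # round up to block size
    return OUTER_IP + ESP_HEADER + t.iv + padded + t.icv


def max_tcp_mss(path_mtu: int, t: Transform) -> int:
    """Largest MSS for which wire_size() does not exceed path_mtu."""
    fixed = OUTER_IP + ESP_HEADER + t.iv + t.icv
    ciphertext = (path_mtu - fixed) // t.block * t.block  # round down
    return ciphertext - ESP_TRAILER - INNER_IP_TCP


if __name__ == "__main__":
    suggested = 1356  # value listed in the checklist table
    for mtu in (1500, 1492):  # Ethernet and PPPoE path MTUs
        for t in (AES_CBC_SHA1, TDES_CBC_SHA1):
            limit = max_tcp_mss(mtu, t)
            print(f"MTU {mtu}, {t.name}: max MSS {limit}, "
                  f"{suggested} uses {wire_size(suggested, t)} bytes on the wire")
```

TCP options such as timestamps consume part of the segment, so a value somewhat below the computed limit is a reasonable choice.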