TMS zl Management and Configuration Guide ST.1.1.100226

7-174
Virtual Private Networks
Configure an L2TP over IPsec VPN
Table 7-19. RADIUS Attributes Required for L2TP RADIUS Access-Accept Messages
Note: Some implementations of Windows IAS do not allow you to specify
the Framed-IP-Address attribute; you will not see the attribute in the
list in the Advanced tab of the policy’s dial-in profile. In this case, set
the other two required attributes in the Advanced tab. Then click the
IP tab. Select either:
- Assign a static IP address, and type the specific IP address that will
  be assigned to the user.
- Server must supply an IP address. This setting allows the TMS zl
  Module to assign IP addresses to users from the range configured in
  the Network > Authentication > L2TP Users window.

Create Access Policies for an L2TP over IPsec VPN
Before you begin configuring firewall access policies, determine the zone on
which traffic from the remote endpoints arrives. This is the zone associated
with the TMS VLAN on which the local VPN gateway address is configured. Often,
this is the External zone, but it could be another zone. The instructions below
will refer to this zone as the “remote zone.”

After the remote endpoints have received virtual IP addresses, their traffic is
considered to have originated in the External zone.

You should also determine the zone for local endpoints allowed on the VPN.
This might be the Internal zone or another zone. The instructions below will
refer to this zone as the “local zone.”

| Attribute | Value | Additional Guidelines |
|---|---|---|
| Service-Type | Framed | |
| Filter-ID | Name of a user group on the TMS zl Module | The value must match exactly a name that you configured in “Create a User Group” on page 7-168. When a user authenticates with this policy, the firewall access policies configured for this group on the module will control the user’s access. |
| Framed-IP-Address | If the RADIUS server assigns users’ IP addresses: An exact IP address | You must create a different policy for each user. |
| Framed-IP-Address | If the TMS zl Module assigns users’ IP addresses: 255.255.255.254 | Remember to configure the range of IP addresses in the Network > Authentication > L2TP Users window. |
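
An added example, not taken from the guide: a Python check of a captured Access-Accept against the three attributes in Table 7-19, using the RFC 2865 attribute numbers (Service-Type 6, Framed-IP-Address 8, Filter-Id 11). The group name vpn-users, the sample packet and the function names are constructed for illustration, and treating the exact match as case-sensitive is an assumption.

```python
import ipaddress
import struct

# RFC 2865 attribute numbers and values for the three attributes in Table 7-19.
SERVICE_TYPE, FRAMED_IP, FILTER_ID = 6, 8, 11
ACCESS_ACCEPT, FRAMED = 2, 2
MODULE_ASSIGNS = "255.255.255.254"  # table value when the module assigns addresses

def parse_attributes(packet: bytes) -> dict:
    """Return {attribute type: raw value} from an Access-Accept packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs, pos = {}, 20
    while pos < length:
        a_len = packet[pos + 1] if pos + 2 <= length else 0
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute truncated or runs past the packet")
        attrs[packet[pos]] = packet[pos + 2:pos + a_len]
        pos += a_len
    return attrs

def check_l2tp_accept(packet: bytes, module_groups: set) -> list:
    """List the ways an Access-Accept misses the Table 7-19 requirements."""
    attrs, problems = parse_attributes(packet), []
    if attrs.get(SERVICE_TYPE) != struct.pack("!I", FRAMED):
        problems.append("Service-Type is missing or not Framed")
    group = attrs.get(FILTER_ID, b"").decode("utf-8", "replace")
    if group not in module_groups:  # exact match; case-sensitivity is assumed
        problems.append(f"Filter-ID {group!r} is not a user group on the module")
    if len(attrs.get(FRAMED_IP, b"")) != 4:
        problems.append("Framed-IP-Address is missing or malformed")
    return problems

def address_source(packet: bytes) -> str:
    """Who assigns the client address; call after check_l2tp_accept is clean."""
    ip = str(ipaddress.IPv4Address(parse_attributes(packet)[FRAMED_IP]))
    return "module range" if ip == MODULE_ASSIGNS else f"RADIUS static {ip}"

def build_accept(attrs: list) -> bytes:
    """Build a constructed Access-Accept (zeroed authenticator) as sample input."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(body)) + bytes(16) + body

# Constructed sample: the group name and packet are made up for this example.
SAMPLE = build_accept([(SERVICE_TYPE, b"\x00\x00\x00\x02"),
                       (FILTER_ID, b"vpn-users"),
                       (FRAMED_IP, b"\xff\xff\xff\xfe")])
```

The check does not verify the packet's Response Authenticator, which requires the RADIUS shared secret.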