TMS zl Management and Configuration Guide ST.1.1.100226
7-175
Virtual Private Networks
Configure an L2TP over IPsec VPN
Figure 7-149 shows these zones in the example L2TP over IPsec VPN.
Figure 7-149. Example L2TP over IPsec VPN (with Zones)
Finally, you must note the user group (or groups) to which L2TP users are
assigned. Users are assigned to these groups by local L2TP user accounts or
by an external RADIUS server. You will configure access policies that permit
traffic between remote users and local services within these groups; this helps
to ensure that only authorized remote users access your private network. In
addition, you can create different policies for different groups.
However, if you have chosen not to assign L2TP users to groups, then you will
configure access policies to permit their traffic in the None user group (the
default one).
Caution: You must be very careful when you configure firewall access policies in the
None user group that permit traffic from L2TP users. These users are in the
External zone, so you can inadvertently open your network up to unauthorized
access. At the very least, take great care to limit the firewall access policies
to the specific virtual IP addresses that are assigned to L2TP clients.
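The following is an added illustration of the exposure described in the caution above; it is not part of the guide and does not use the TMS zl configuration syntax. It models access policies with a simplified, hypothetical data structure (zone names and the None user group follow the guide), assumes a constructed L2TP virtual IP pool of 10.250.0.0/24, and shows two checks a defender would want: an audit that flags permit policies in the None group whose source is not limited to that pool, and a matcher that shows why such a policy also admits an arbitrary host in the External zone.

```python
import ipaddress
from dataclasses import dataclass


# Hypothetical, simplified model of a firewall access policy (not the TMS zl
# configuration syntax). Zone and user-group names follow the guide.
@dataclass(frozen=True)
class AccessPolicy:
    name: str
    from_zone: str
    to_zone: str
    user_group: str      # "None" is the default user group in the guide
    source: str          # source network in CIDR notation
    destination: str     # destination network in CIDR notation
    action: str          # "permit" or "deny"


# Constructed sample: the virtual IP pool handed out to L2TP clients.
L2TP_POOL = "10.250.0.0/24"

# Constructed sample policies, all permitting traffic from the External zone
# to an internal file server on 192.168.10.20.
SAMPLE_POLICIES = [
    # Too broad: any External-zone host, not only L2TP clients, is permitted.
    AccessPolicy("too-broad", "External", "Internal", "None",
                 "0.0.0.0/0", "192.168.10.20/32", "permit"),
    # Scoped to the L2TP virtual IP pool, as the caution recommends.
    AccessPolicy("scoped", "External", "Internal", "None",
                 "10.250.0.0/24", "192.168.10.20/32", "permit"),
    # Scoped to a single L2TP client address; still inside the pool.
    AccessPolicy("single-client", "External", "Internal", "None",
                 "10.250.0.7/32", "192.168.10.20/32", "permit"),
    # Policy for a named user group: applies only to authenticated members.
    AccessPolicy("remote-users", "External", "Internal", "RemoteUsers",
                 "0.0.0.0/0", "192.168.10.20/32", "permit"),
    # Deny policies never widen exposure and are not audited.
    AccessPolicy("block-all", "External", "Internal", "None",
                 "0.0.0.0/0", "0.0.0.0/0", "deny"),
]


def audit_l2tp_policies(policies, l2tp_pool):
    """Return the names of permit policies in the None user group that allow
    traffic from the External zone without limiting the source to the L2TP
    virtual IP pool. These policies apply to every External-zone host."""
    pool = ipaddress.ip_network(l2tp_pool)
    findings = []
    for p in policies:
        if p.action != "permit" or p.from_zone != "External":
            continue
        if p.user_group != "None":
            continue  # group-scoped policies require an authenticated member
        src = ipaddress.ip_network(p.source)
        if src.version != pool.version or not src.subnet_of(pool):
            findings.append(p.name)
    return findings


def matching_policies(policies, from_zone, user_group, src_ip, dst_ip):
    """Return the names of policies whose zone, user group, source and
    destination all match a single packet; order is the policy order."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    matches = []
    for p in policies:
        if p.from_zone != from_zone or p.user_group != user_group:
            continue
        if src in ipaddress.ip_network(p.source) and \
                dst in ipaddress.ip_network(p.destination):
            matches.append(p.name)
    return matches


if __name__ == "__main__":
    print("overly broad None-group policies:",
          audit_l2tp_policies(SAMPLE_POLICIES, L2TP_POOL))
    # An L2TP client versus an arbitrary External-zone host reaching the server.
    print("L2TP client matches:",
          matching_policies(SAMPLE_POLICIES, "External", "None",
                            "10.250.0.7", "192.168.10.20"))
    print("arbitrary External host matches:",
          matching_policies(SAMPLE_POLICIES, "External", "None",
                            "203.0.113.5", "192.168.10.20"))
```

Running the audit over the sample set flags only the policy whose source is 0.0.0.0/0; the matcher then shows that an unauthenticated External-zone host is admitted by that policy alone, while the pool-scoped and single-client policies admit only addresses the VPN actually assigns.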