TMS zl Management and Configuration Guide ST.1.1.100226

7-388

Virtual Private Networks

Configure IPSecuritas (Macintosh VPN Client)

These settings must match the Remote Address in the module’s traffic

selector exactly. For example, if the module’s traffic selector indicates

an entire subnet, you must select Network on the IPSecuritas client.

b. For Remote Side, select the Endpoint Mode:

– Host — Specifies one IP address on the internal network that the

client is permitted to access. Type the address in the IP Address

field.

– Network — Specifies the internal subnet that the client is permit-

ted to access.

For Network Address, type the address of the subnet. For Network

Mask (CIDR), type the number of bits in the network mask.

These settings must match the Local Address in the module’s traffic

selector exactly.

14. Click the Phase 1 tab and configure the following, which must match

settings in the IKE policy on the TMS zl Module:

a. For Lifetime, select Seconds, then type a value in the box.

b. For DH Group, select one of the following

i. 768 (1) — DH group 1

ii. 1024 (2) — DH group 2

iii. 1536 (5) — DH group 5

c. For Encryption, select one of the following:

i. DES

ii. 3DES

iii. AES 128

iv. AES 192

v. AES 256

d. For Authentication, select one of the following:

i. MD5

ii. SHA-1

e. For Exchange Mode, select Main or Aggressive.