TMS zl Management and Configuration Guide ST.1.1.100226

Virtual Private Networks
Configure a Windows XP SP2 Client for L2TP over IPsec

This section includes step-by-step instructions for configuring a Windows XP
SP2 client to establish an L2TP over IPsec connection to the TMS zl Module.

You have two options for configuring the client:

- Use the New Connection Wizard and its default IPsec policies.

  Using the default policies is the easiest way to set up the connection.
  However, on the TMS zl Module, you must take care to configure protocols,
  algorithms, and SA lifetime security settings that match the XP client’s
  default proposals. Fortunately, the default TMS zl Module security
  settings work with one exception—you must change the DH group in the
  IKE policy to Group 2 instead of Group 1 when you use the other default
  settings.

  For this method, see “Configuration with the New Connection Wizard” on
  page 7-397.

  On the TMS zl Module, you must configure L2TP over IPsec settings as
  described in “Configure an L2TP over IPsec VPN” on page 7-142. See “TMS
  zl Module Settings with a Windows XP Client (Wizard Configuration)” on
  page 7-407 for a table that shows all necessary settings.

- Set up IPsec policies manually.

  Manually configuring the policies allows you to control the exact security
  settings for your environment. This method is recommended only for
  expert users.

Parameter: Enable IP Address Pool for IRAS (Mode Config)
Valid Settings: Check box is cleared. IPSecuritas does not support the TMS zl
    Module’s implementation of IKE mode config.
Configuration Window: Add IPsec Policy—Step 3 of 4

Parameter: Advanced Settings (Optional)
Valid Settings: Default settings
Configuration Window: Add IPsec Policy—Step 4 of 4

Parameter: Firewall access policies
Valid Settings: User Group None
    Permit SELF EXTERNAL isakmp Any Any
    Permit EXTERNAL SELF isakmp Any Any
    Permit EXTERNAL [local endpoints’ zone] Any Any Any
    Permit [local endpoints’ zone] EXTERNAL Any Any Any
Configuration Window: Add Policy