TMS zl Management and Configuration Guide ST.1.1.100430

Virtual Private Networks
Configure an IPsec Client-to-Site VPN
Create Named Objects for the VPN (Optional)
You might want to configure the named objects indicated in Table 7-6.
For your reference, this table includes the location where you would specify
these named objects. However, later configuration instructions will indicate
when you actually need to specify each object. The table also includes a
reference to numbers in Figure 7-40. The number indicates the IP address for
that named object in an example network.
See “Named Objects” in Chapter 4: “Firewall” for step-by-step instructions for
configuring objects.
Table 7-6. Possible Named Objects for Client-to-Site VPNs
| Example Figure Reference | Named Object Description | Named Object Type | Location Where the Named Object is Specified |
|---|---|---|---|
| 1 | The TMS zl Module IP address that acts as the local VPN gateway | Single-entry IP address object | Source or Destination for firewall access policies that permit IKE traffic |
| 2 | The IP addresses of local endpoints that remote users are allowed to access over the VPN | Single-entry IP, range, or network address objects | Source or Destination for firewall access policies that permit traffic sent across the VPN; if IKE mode config is not used, Local Address in the IPsec policy traffic selector |
| 3 | The actual IP addresses of remote VPN clients | Single-entry or multiple-entry IP, range, or network address object. *If IKE mode config is not used and you want to use this object in an IPsec policy, the object must be single-entry. | Source or Destination for firewall access policies that permit IKE traffic. If IKE mode config is not used: Remote Address in the IPsec policy traffic selector; Source or Destination for firewall access policies that permit traffic sent across the VPN |
| 4 | The virtual IP addresses assigned to remote VPN clients using IKE mode config | Single-entry IP, range, or network address objects | Remote Address in the IPsec policy traffic selector; Source or Destination for firewall access policies that permit traffic sent across the VPN |