TMS zl Management and Configuration Guide ST.1.1.100430
7-143
Virtual Private Networks
Configure an L2TP over IPsec VPN
You must complete these tasks to establish a client-to-site VPN that uses L2TP
over IPsec:
1. Create named objects (optional).
1. Create a client-to-site IKE policy.
Only one IKE policy can specify the client-to-site type, main mode, and
preshared keys. Therefore, if you are using preshared key authentication,
you must configure a single policy that is valid for all of your remote L2TP
users.
See “Create an IKE Policy for an L2TP over IPsec VPN” on page 7-145.
2. Create an IPsec proposal.
See “Create an IPsec Proposal for an L2TP over IPsec VPN” on page 7-152.
3. Create an IPsec policy for the L2TP traffic.
See “Create an IPsec Policy for an L2TP over IPsec VPN” on page 7-155.
4. Configure L2TP user authentication.
You must configure the TMS zl Module to authenticate L2TP users locally
or to an external RADIUS server. See “Configure L2TP User
Authentication” on page 7-163.
5. Configure firewall access policies.
See “Create Access Policies for an L2TP over IPsec VPN” on page 7-175.
6. Check routes and, if necessary, add routes.
See “Verify Routes for the L2TP over IPsec VPN” on page 7-182.
7. Configure global IPsec settings (optional).
See “Configure Global IPsec Settings” on page 7-348.
8. Configure the clients with compatible settings.
For your reference, this chapter gives configuration guidelines for two
types of clients. See:
• “Configure a Windows XP SP2 Client for L2TP over IPsec” on page
7-395
• “Configure a Windows Vista Client for L2TP over IPsec” on page 7-448