TMS zl Management and Configuration Guide ST.1.1.100430
7-175
Virtual Private Networks
Configure an L2TP over IPsec VPN
Table 7-19. RADIUS Attributes Required for L2TP RADIUS Access-Accept Messages

| Attribute | Value | Additional Guidelines |
|---|---|---|
| Service-Type | Framed | |
| Filter-ID | Name of a user group on the TMS zl Module | The value must match exactly a name that you configured in “Create a User Group” on page 7-169. When a user authenticates with this policy, the firewall access policies configured for this group on the module will control the user’s access. |
| Framed-IP-Address | If each user’s account specifies an IP address (for example in AD): No setting necessary | |
| | If the RADIUS server assigns users’ IP addresses: An exact IP address | You must create a different policy for each user. |
| | If the TMS zl Module assigns users’ IP addresses: 255.255.255.254 | Remember to configure the range of IP addresses in the Network > Authentication > L2TP Users window. |

Note: Some implementations of Microsoft Internet Authentication Service (IAS) do not allow you to specify the Framed-IP-Address attribute; you will not see the attribute in the list in the Advanced tab of the policy’s dial-in profile. In this case, you can set the other two required attributes in the Advanced tab, but you must set the address settings (if not specified in the AD user accounts) in the IP tab. In this tab, select either:
■ Assign a static IP address and type the specific IP address that will be assigned to the user.
■ Server must supply an IP address
This setting allows the TMS zl Module to assign IP addresses to users from the range configured in the Network > Authentication > L2TP Users window.

Create Access Policies for an L2TP over IPsec VPN

Before you begin configuring firewall access policies, determine the zone on which traffic from the remote endpoints arrives. This is the zone associated with the TMS VLAN on which the local VPN gateway address is configured. Often, this is the External zone, but it could be another zone. The instructions below will refer to this zone as the “remote zone.”
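The requirements in Table 7-19 can be checked mechanically before a policy goes live. The following is an added example, not part of the guide or of the TMS zl Module software: it models a policy profile as a dictionary and reports attributes that would leave a user without the intended group or address. The function name, the group names and the sample profiles are assumptions, and the meaning given for 255.255.255.255 comes from RFC 2865, not from this guide.

```python
import ipaddress

MODULE_ASSIGNS = "255.255.255.254"  # table value: module hands out the address
CLIENT_CHOOSES = "255.255.255.255"  # RFC 2865 meaning; this value is not in the table

def check_profile(attrs, module_groups, account_has_ip=False):
    """Return a list of problems in one policy profile (attribute name -> value).

    module_groups: user group names configured on the module.
    account_has_ip: True when the user account (for example in AD) sets the address.
    """
    problems = []
    if attrs.get("Service-Type") != "Framed":
        problems.append("Service-Type must be Framed")

    group = attrs.get("Filter-ID")
    if group is None:
        problems.append("Filter-ID missing: no user group is selected")
    elif group not in module_groups:
        # The match is exact, so point out near misses in case or whitespace.
        near = [g for g in sorted(module_groups)
                if g.strip().lower() == group.strip().lower()]
        hint = f" (near miss of {near[0]!r})" if near else ""
        problems.append(f"Filter-ID {group!r} matches no user group exactly{hint}")

    addr = attrs.get("Framed-IP-Address")
    if addr is None:
        if not account_has_ip:
            problems.append("Framed-IP-Address unset and the account has no address")
    elif addr == CLIENT_CHOOSES:
        problems.append("Framed-IP-Address 255.255.255.255 lets the client choose")
    elif addr != MODULE_ASSIGNS:
        try:
            ipaddress.IPv4Address(addr)
        except ValueError:
            problems.append(f"Framed-IP-Address {addr!r} is not an IPv4 address")
    return problems

# Constructed sample data: the group and profile names are made up.
GROUPS = {"L2TP-Sales", "L2TP-Admins"}
PROFILES = {
    "module-pool": {"Service-Type": "Framed", "Filter-ID": "L2TP-Sales",
                    "Framed-IP-Address": MODULE_ASSIGNS},
    "wrong-case": {"Service-Type": "Framed", "Filter-ID": "l2tp-sales",
                   "Framed-IP-Address": "10.1.1.20"},
    "no-group": {"Service-Type": "Login"},
}

if __name__ == "__main__":
    for name, attrs in PROFILES.items():
        print(name, check_profile(attrs, GROUPS) or "OK")
```

When the address is set in the IAS IP tab instead of the Advanced tab, enter the resulting value as Framed-IP-Address in the dictionary before running the check.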