TMS zl Management and Configuration Guide ST.1.1.100430
7-250
Virtual Private Networks
Configure a GRE over IPsec VPN with IKE
Caution: For this policy, you will specify a local TMS zl Module IP address. Be very
careful to specify GRE for the protocol. Otherwise, you might select management
traffic for the VPN and lock yourself out of the Web browser interface.
If you do lock yourself out, reboot the module, but DO NOT SAVE the
configuration.
If your traffic selector will include traffic that is also selected for NAT, you
must create a NAT exclusion policy. See “Exclusion NAT Policies” in
Chapter 5: “Network Address Translation.”
Refer to Figure 7-221 for help configuring the traffic selector.
Figure 7-221. Example GRE over IPsec VPN
8. For Traffic Selector, configure these settings:
a. For Protocol, specify 47 (GRE).
b. For Local Address, specify the local gateway address for the GRE
tunnel (indicated by 1 in the figure and not the IP address on the tunnel
subnet).
c. For Remote Address, specify the remote gateway address for the GRE
tunnel (indicated by 3 in the figure and not the IP address on the tunnel
subnet).
9. For Proposal, select a previously configured IPsec proposal.
The IPsec proposal specifies the IPsec mode, IPsec protocol, and the
authentication and encryption algorithms that secure the VPN connection.
See “Create an IPsec Proposal” on page 7-245.
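
The following check is an added example, not part of the guide or the module's software: it models the Traffic Selector from step 8 and flags the mistakes the caution describes (a protocol other than 47, tunnel-subnet addresses instead of gateway addresses, and a selector that captures management traffic). The Selector class, the addresses, the tunnel subnet, and the management flow are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

GRE, TCP = 47, 6          # IP protocol numbers
ANY = None                # convention for this example: None = any protocol

@dataclass(frozen=True)
class Selector:           # hypothetical model of the Traffic Selector fields
    protocol: Optional[int]
    local: str            # address or CIDR
    remote: str

def _net(value):
    return ipaddress.ip_network(value, strict=False)

def matches(sel, proto, src, dst):
    """True if a packet sent by the module (proto, src -> dst) is selected for the VPN."""
    return ((sel.protocol is ANY or sel.protocol == proto)
            and ipaddress.ip_address(src) in _net(sel.local)
            and ipaddress.ip_address(dst) in _net(sel.remote))

def lint(sel, tunnel_subnet, mgmt_flows):
    """Return findings for the mistakes the caution and step 8 warn about."""
    findings = []
    if sel.protocol != GRE:
        findings.append("protocol is not 47 (GRE)")
    tunnel = _net(tunnel_subnet)
    for name, value in (("local", sel.local), ("remote", sel.remote)):
        if _net(value).overlaps(tunnel):
            findings.append(f"{name} address is on the tunnel subnet, not a gateway address")
    if any(matches(sel, *flow) for flow in mgmt_flows):
        findings.append("selector captures management traffic (lockout risk)")
    return findings

# Constructed sample values (RFC 5737 documentation ranges, not from the guide).
LOCAL_GW, REMOTE_GW = "192.0.2.1", "203.0.113.1"
TUNNEL_SUBNET = "10.255.0.0/30"
# Web-interface replies from the module to an administrator who browses
# from behind the remote gateway address (constructed scenario).
MGMT_FLOWS = [(TCP, LOCAL_GW, REMOTE_GW)]

GOOD = Selector(GRE, LOCAL_GW, REMOTE_GW)
NO_PROTOCOL = Selector(ANY, LOCAL_GW, REMOTE_GW)
TUNNEL_ADDRS = Selector(GRE, "10.255.0.1", "10.255.0.2")

if __name__ == "__main__":
    for sel in (GOOD, NO_PROTOCOL, TUNNEL_ADDRS):
        print(sel, lint(sel, TUNNEL_SUBNET, MGMT_FLOWS) or "ok")
```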