TMS zl Management and Configuration Guide ST.1.1.100430

Virtual Private Networks
Configure a GRE over IPsec VPN with Manual Keying
A default IPsec policy prevents all traffic from being encrypted by the VPN
engine; therefore, all IPsec policies that you configure must have a higher
priority than this default policy.
Next, you configure the VPN traffic selector, which determines which traffic
will use the VPN tunnel. For a GRE over IPsec VPN, the traffic selector must
specify the GRE traffic between the TMS zl Module and the remote tunnel
endpoint.
Caution: For this policy, you will specify a local TMS zl Module IP address. Be very
careful to specify GRE for the protocol. Otherwise, you might select management
traffic for the VPN and lock yourself out of the Web browser interface. If
you do lock yourself out, reboot the module, but DO NOT SAVE the configuration.
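The following added example (not from the guide, and not the module's own matching code) models a traffic selector as a protocol/local/remote match to show why the Caution insists on protocol 47. The addresses are constructed documentation-range values, and the HTTPS session arriving from the remote endpoint's address is an assumption made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

GRE, TCP = 47, 6  # IP protocol numbers; 47 is the value given in step 8a

# Constructed sample addresses (documentation ranges), not from the guide.
LOCAL_GW = "192.0.2.1"      # module's local gateway address for the GRE tunnel
REMOTE_GW = "198.51.100.1"  # remote tunnel endpoint


@dataclass(frozen=True)
class Selector:
    protocol: Optional[int]  # None models "any protocol"
    local: str
    remote: str

    def selects(self, proto: int, local_ip: str, remote_ip: str) -> bool:
        """True if a flow between local_ip and remote_ip falls inside this selector."""
        return ((self.protocol is None or self.protocol == proto)
                and ip_address(local_ip) in ip_network(self.local)
                and ip_address(remote_ip) in ip_network(self.remote))


@dataclass(frozen=True)
class Flow:
    name: str
    proto: int
    local_ip: str
    remote_ip: str


# Constructed flows as seen from the module.
FLOWS = [
    Flow("GRE tunnel", GRE, LOCAL_GW, REMOTE_GW),
    # Assumption: an administrator's HTTPS session arrives from the remote endpoint's address.
    Flow("Web management (HTTPS)", TCP, LOCAL_GW, REMOTE_GW),
]


def captured(sel: Selector, flows=FLOWS) -> list:
    """Names of the flows this selector would send into the VPN."""
    return [f.name for f in flows if sel.selects(f.proto, f.local_ip, f.remote_ip)]


correct = Selector(GRE, LOCAL_GW + "/32", REMOTE_GW + "/32")
too_broad = Selector(None, LOCAL_GW + "/32", REMOTE_GW + "/32")

if __name__ == "__main__":
    for label, sel in (("protocol 47", correct), ("any protocol", too_broad)):
        print(f"{label:13} -> {captured(sel)}")
```

With the protocol left open, the selector also captures the management session to the module's own address, which is the lockout the Caution describes.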
If your traffic selector will include traffic that is also selected for NAT, you
must create a NAT exclusion policy. See “Exclusion NAT Policies” in
Chapter 5: “Network Address Translation.”
Refer to Figure 7-248 for help configuring the traffic selector.
Figure 7-248. Example GRE over IPsec VPN
8. For Traffic Selector, configure these settings:
a. For Protocol, specify 47 (GRE).
b. For Local Address, specify the local gateway address for the GRE
tunnel (indicated by 1 in the figure and not the IP address on the tunnel
subnet).