TMS zl Management and Configuration Guide ST.1.1.100430
7-395
Virtual Private Networks
Configure a Windows XP SP2 Client for L2TP over IPsec
Configure a Windows XP SP2 Client for
L2TP over IPsec
This section includes step-by-step instructions for configuring a Windows XP
SP2 client to establish a L2TP over IPsec connection to the TMS zl Module.
You have two options for configuring the client:
■ Use the New Connection Wizard and its default IPsec policies.
Using the default policies is the easiest way to set up the connection.
However, on the TMS zl Module, you must take care to configure proto-
cols, algorithms, and SA lifetime security settings that match the XP
client’s default proposals. Fortunately, the default TMS zl Module security
settings work with one exception—you must change the DH group in the
IKE policy to Group 2 instead of Group 1 when you use the other default
settings.
For this method, see “Configuration with the New Connection Wizard” on
page 7-395.
On the TMS zl Module, you must configure L2TP over IPsec settings as
described in “Configure an L2TP over IPsec VPN” on page 7-143. See “TMS
zl Module Settings with a Windows XP Client (Wizard Configuration)” on
page 7-406 for a table that shows all necessary settings.
■ Set up IPsec policies manually.
Manually configuring the policies allows you to control the exact security
settings for your environment. This method is recommended only for
expert users.
For this method, see “Manual Windows XP Client Configuration” on
page 7-410.
On the TMS zl Module, you must configure L2TP over IPsec settings as
described in “Configure an L2TP over IPsec VPN” on page 7-143. See “TMS
zl Module Settings with a Windows XP Client (Manual Configuration)” on
page 7-442 for a table that shows all necessary settings.
Configuration with the New Connection Wizard
Before you configure the VPN connection, make sure to uninstall the HP
ProCurve VPN client or any other third-party VPN client; these clients can
interfere with the Windows XP client.