TMS zl Management and Configuration Guide ST.1.2.100916
7-497
Virtual Private Networks
Configure a Windows Vista Client for L2TP over IPsec
| Parameter | Valid Settings | Configuration Window | Matching Setting on the Windows Vista Client |
|---|---|---|---|
| L2TP RADIUS Authentication settings (if used) | | | |
| L2TP Server IP Address | Any IP address in a private subnet not in use in your network | Network > Authentication > L2TP Users | |
| Domain name | The domain to which your users belong (or global = no name) | Domain Name setting in Add RADIUS server window | User name configured in step 75 on page 7-486 |
| IP Pool | Range of IP addresses that are in the same subnet as the L2TP Server IP address | Edit RADIUS Domain window | |
| Primary DNS Server; Secondary DNS Server; Primary WINS server; Secondary WINS server | IP addresses of your network’s servers (to which TMS firewall access policies permit the remote client access) | Edit RADIUS Domain window | |
| Firewall access policies | | | |
| User Group None | • Permit Self <remote endpoints’ zone> l2tp-udp Any Any • Permit <remote endpoints’ zone> Self l2tp-udp Any Any • Permit Self <remote endpoints’ zone> isakmp Any Any • Permit <remote endpoints’ zone> Self isakmp Any Any | Add Policy | |
| User Group <group configured for the dial-in user> | • Permit External <local zone> <service> <virtual dial-in addresses> <local addresses> • Permit <local zone> External <service> <virtual dial-in addresses> <local addresses> | Add Policy | |