TMS zl Management and Configuration Guide ST.1.2.100916
7-512
Virtual Private Networks
Configure a Shrew Soft VPN Client for Windows
Table 7-46. VPN Settings on the TMS zl Module
Parameter Valid Settings Configuration Window
IKE policy
Policy Type Client-to-Site (Responder) Add IKE Policy—Step 1 of 3
Local Gateway TMS zl Module’s IP address or VLAN in the External zone
Matches the IP address set in step 4 on page 7-499
Local ID Type Matches the type set in step 13-b on page 7-503
Local ID Value Matches the value set in step 13-c on page 7-503
Remote ID Type Matches the type set in step 12-b on page 7-502
Remote ID Value Matches the value set in step 12-c on page 7-502
Key Exchange Mode Matches the mode set in step 15 on page 7-504 Add IKE Policy—Step 2 of 3
Authentication Method Matches the method selected in step 11 on page 7-501
Preshared Key (if
Preshared key was
selected)
Matches the string configured in step 14 on page 7-503
Security Parameters
Proposal
Matches the settings configured in step 15 on page 7-504
XAUTH Configuration Matches the setting configured in step 11 on page 7-501:
• Disable XAUTH if the client does not use XAUTH
• TMS acts as XAUTH Server if the client uses XAUTH
Add IKE Policy—Step 3 of 3
IPsec proposal
Encapsulation Mode Tunnel Add IPsec Proposal
Protocol Matches the settings configured in step 16 on page 7-505
Encryption Algorithm (if
you selected ESP)
Matches the settings configured in step 16 on page 7-505
Authentication Algorithm Matches the settings configured in step 16 on page 7-505
IPsec policy Add IPsec Policy—Step 1 of 4
Action Apply
Position Any position
Protocol Any
Local Address Any that works for your environment want if the TMS zl
Module is using IRAS and the client uses Obtain
Automatically in the Policy tab
Otherwise matches the Remote Network Resource settings
configured in step 18 on page 7-506
Remote Address The IRAS addresses if the TMS zl Module is using IRAS
Otherwise, a subnet or range or address that matches the
client’s IP address (see step 5 on page 7-499)