TMS zl Management and Configuration Guide ST.1.2.100916
7-513
Virtual Private Networks
Configure a Shrew Soft VPN Client for Windows
Proposal IPsec proposal that you created for the IPsec connection
IKEv1 Policy IKE policy that you created for the IPsec connection Add IPsec Policy—Step 2 of 4
Enable PFS (Perfect
Forward Secrecy) for
keys
Matches the setting configured in step 16 on page 7-505
SA Lifetime in Seconds Matches the settings configured in step 16 on page 7-505
SA Lifetime in Kilobytes Matches the settings configured in step 16 on page 7-505
Enable IP Address Pool
for IRAS (Mode Config)
Check box is selected
Other settings
Add IPsec Policy—Step 3 of 4
IRAS IP Address/Mask IP address in a private subnet with addresses reserved for
remote clients
Firewall Zone • The source zone for traffic that arrives from the remote
clients
• The destination zone for traffic sent to remote client
IP Address Ranges IP addresses in the same subnet as the IRAS IP address
• Primary DNS Server
• Secondary DNS
Server
• Primary WINS server
• Secondary WINS
server
IP addresses of your network’s servers (which the remote
clients can access)
Advanced Settings
(Optional)
Default settings Add IPsec Policy—Step 4 of 4
Firewall access policies
User Group None • Permit Self External isakmp Any Any
• Permit External Self isakmp Any Any
• Other access policies that control traffic from the remote
client (virtual IP address)
Add Policy
If XAUTH is enabled, User
Group <group configured
for the remote user>
Access policies that control traffic from the remote clients
(virtual IP addresses)
Add Policy
Parameter Valid Settings Configuration Window