TMS zl Management and Configuration Guide ST.1.2.100916

A-85
Command-Line Reference
Global Configuration Context
Auto SA revalidation allows the TMS zl Module to automatically revalidate
SAs when the associated policy is changed or when the time or bandwidth
lifetime expires. If you disable auto SA revalidation, the TMS zl Module does
not revalidate the SA until a packet arrives for that SA (which might slow
processing for that packet). This feature is enabled by default.
Enter this command to enable (or disable) auto SA revalidation:
Syntax: [no] ipsec sa auto-revalidation enable
To set the maximum number of SAs that can be established using each IPsec
policy, enter the following command:
Syntax: ipsec sa maximum <maximum number>
Replace <maximum number> with the value for the maximum number of
SAs you want to allow per policy (2-10000). Note that two SAs (one inbound
and one outbound) are required for each connection.
l2tp
The l2tp command contains all of the commands you need to create the L2TP
settings for an L2TP over IPsec VPN (you must also use the ipsec commands
to configure the IPsec settings). Documentation for this command is
separated into the following sections.
l2tp radius-auth—these commands allow you to configure a RADIUS
server to authenticate L2TP dial-in users. (See “l2tp radius-auth” on page
A-85.)
l2tp local-user—this command creates (or deletes) a local user account
that the TMS zl Module will use to authenticate L2TP dial-in users and
enables you to enter the L2TP Dial-in User context. (See “l2tp local-user”
on page A-88.)
L2TP User context—using the commands in this context, you set the
parameters for the users authenticating to the TMS zl Module. (See “L2TP
User Context” on page A-164.)
l2tp radius-auth
This command enables a RADIUS server to authenticate L2TP dial-in users.
When you configure L2TP clients to authenticate to a RADIUS server, you must
specify the following:
The virtual IP address that the TMS zl Module uses in its role as L2TP
server