TMS zl Management and Configuration Guide ST.1.2.100916
Virtual Private Networks
Introduction
The Threat Management Services (TMS) zl Module supports virtual private
networks (VPNs), which are tunnels that connect two trusted endpoints
through an untrusted network. A VPN tunnel can provide data integrity and
data privacy for the traffic transmitted over the tunnel.
The TMS zl Module supports these options for VPNs:
■ IP security (IPsec):
• Client-to-site VPNs with Internet Key Exchange (IKE) version 1
• Site-to-site VPNs:
– With IKE v1
– With manual keying
■ L2TP and L2TP over IPsec—client-to-site VPNs
■ Generic Routing Encapsulation (GRE) tunnels and GRE over IPsec—
site-to-site VPNs
L2TP and GRE do not, on their own, protect the data transmitted over the
tunnel. However, both can be combined with IPsec, which provides data
integrity and data privacy.
The module supports:
■ 4800 IPsec VPN connections
■ 100 L2TP over IPsec connections
■ 240 GRE connections
The following VPN clients have been tested for use with the TMS zl Module:
■ IPsec VPNs
• HP ProCurve VPN Client
• Openswan for Linux
• IPSecuritas for Macintosh OS X
• Shrew Soft VPN Client
■ L2TP over IPsec VPNs
• Microsoft Windows XP, Vista, and 7 (both 32-bit and 64-bit) operating
systems’ native VPN clients