TMS zl Management and Configuration Guide ST.1.2.100916

7-77
Virtual Private Networks
Configure an IPsec Site-to-Site VPN with IKE
To configure an IPsec site-to-site VPN that uses IKE, you must complete these tasks:
1. Optionally, create named objects, which you can use in IPsec policies as well as corresponding firewall access policies.
   Using named objects is best practice; however, you can specify IP addresses manually. See “Create Named Objects for the VPN (Optional)” on page 7-78.
2. Create an IKE policy.
   See “Create an IKE Policy for a Site-to-Site IPsec VPN” on page 7-79.
3. If you are using certificates, install the correct certificates on the TMS zl Module.
   Do not complete this step if your IKE policy specifies preshared key authentication.
   See “Install Certificates for IKE” on page 7-88.
4. Create an IPsec proposal.
   See “Create an IPsec Proposal” on page 7-104.
5. Create an IPsec policy.
   See “Create an IPsec Policy for a Site-to-Site VPN that Uses IKE” on page 7-106.
6. Create necessary firewall access policies.
   See “Create Access Policies for an IPsec Site-to-Site VPN that Uses IKE” on page 7-117.
7. Create a static route, if necessary.
   See “Verify Routes for an IPsec Site-to-Site VPN” on page 7-123.
8. Configure global IPsec settings (optional).
   See “Configure Global IPsec Settings” on page 7-351.
9. Configure the remote VPN gateway with compatible settings.
   See the gateway device's configuration guide for instructions.