TMS zl Management and Configuration Guide ST.1.2.100916
Virtual Private Networks
Configure an IPsec Site-to-Site VPN with Manual Keying
• Select Use VLAN IP Address and select a VLAN from the list.
  Select the VLAN on which the remote gateway reaches the TMS zl
  Module. For example, if the remote gateway connects to the module
  through the Internet, select the VLAN on which the module has its
  connection to the Internet.
13. For Remote Gateway IP Address under Peer ID, specify the IP address of the
remote gateway (indicated by 3 in the figure).
You must type the IP address that the remote gateway specifies for its
local IP address. Use the IP address at which the TMS zl Module can reach
the remote gateway (typically, a public IP address).
Figure 7-113. Add IPsec Policy Window—Step 2 of 4 (Bottom Section)
14. Next, set the SPI and keys for the protocol that you selected in the IPsec
proposal (ESP, in the example displayed in Figure 7-113). The correct
number of characters for a key depends on the algorithm that you selected
in the IPsec proposal and is indicated to the right of the box. Note also
that if you selected AH, you will not see boxes for encryption keys:
   a. For SPI Number, type a decimal number that uniquely identifies this
      IPsec SA. You must match the SPI on the remote gateway. (In log files
      and packet sniffers, this number may be represented in hexadecimal.)
   b. For Inbound Encryption Key (ESP only), type a character string of the
      specified length. The string must match the outbound encryption key
      on the remote gateway.
      It is best practice to use a mix of character types (alphanumeric and
      special) and not to use dictionary words.
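
The checks in steps 14a and 14b can be run on both gateways' planned values before they are typed in, including the hexadecimal form of the SPI to look for in logs and captures. This is an added example, not part of the original guide or the product. The key lengths in ESP_KEY_CHARS assume one character per key byte (the length shown beside the key box is authoritative), and the function names, dictionary fields and sample values are constructed for illustration.

```python
import string

# Assumption: key length in characters equals the algorithm's key size in bytes.
# The length shown to the right of the key box in the module is authoritative.
ESP_KEY_CHARS = {"des": 8, "3des": 24, "aes-128": 16, "aes-192": 24, "aes-256": 32}


def spi_as_hex(spi: int) -> str:
    """Render a decimal SPI the way logs and packet sniffers may show it."""
    if not 256 <= spi <= 0xFFFFFFFF:
        # RFC 4303: the SPI is 32 bits; 0 is local-use only, 1-255 are reserved.
        raise ValueError(f"SPI {spi} is outside 256..4294967295")
    return f"0x{spi:08x}"


def has_mixed_types(key: str) -> bool:
    """True if the key contains both alphanumeric and special characters."""
    return (any(c.isalnum() for c in key)
            and any(c in string.punctuation for c in key))


def check_inbound_sa(local: dict, remote: dict) -> list:
    """Return the problems found with the local inbound ESP SA (empty = OK)."""
    problems = []
    key = local["inbound_enc_key"]
    if local["spi"] != remote["spi"]:
        problems.append("SPI does not match the remote gateway")
    if key != remote["outbound_enc_key"]:
        problems.append("inbound key differs from remote outbound key")
    want = ESP_KEY_CHARS[local["algorithm"]]
    if len(key) != want:
        problems.append(f"key must be {want} characters for {local['algorithm']}")
    if not has_mixed_types(key):
        problems.append("key lacks a mix of alphanumeric and special characters")
    return problems


# Constructed sample values, not taken from any real device.
LOCAL = {"spi": 4660, "algorithm": "aes-128", "inbound_enc_key": "k7#Qm2!xVz9@Lp4$"}
REMOTE = {"spi": 4660, "outbound_enc_key": "k7#Qm2!xVz9@Lp4$"}

if __name__ == "__main__":
    print(spi_as_hex(LOCAL["spi"]), check_inbound_sa(LOCAL, REMOTE) or "OK")
```
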