TMS zl Management and Configuration Guide ST.1.2.100916
7-145
Virtual Private Networks
Configure an L2TP over IPsec VPN
8. Configure the clients with compatible settings.
For your reference, this chapter gives configuration guidelines for two
clients that can be used in L2TP over IPsec VPNs. Note that the process
for configuring a Windows 7 VPN client is similar to that for configuring
a Vista VPN client.
• “Configure a Windows XP SP2 Client for L2TP over IPsec” on page 7-398
• “Configure a Windows Vista Client for L2TP over IPsec” on page 7-452
Create Named Objects for the VPN (Optional)
You might want to configure the named objects listed in Table 7-13. For your
reference, the table includes the location where you would specify each named
object; however, the configuration instructions indicate when you actually need
to specify each object. The table also includes a reference to the numbers in
Figure 7-120, which indicate the IP address each named object represents in an
example network.
See “Named Objects” in Chapter 4: “Firewall” for step-by-step instructions for
configuring objects.
Table 7-13. Possible Named Objects for L2TP over IPsec VPNs

| Figure Reference | Named Object Type | Named Object Description | Location Where the Named Object is Specified |
|---|---|---|---|
| 1 | Single-entry IP address object | The TMS zl Module’s IP address that will be the local VPN gateway | Source or Destination for firewall access policies that permit IKE and L2TP traffic; Local Address in the IPsec policy traffic selector |
| 2 | Single-entry or multiple-entry IP, range, or network address object | The IP addresses of local endpoints that remote endpoints will be allowed to access | Source or Destination for firewall access policies that permit traffic sent across the VPN |
| 3 | Single-entry or multiple-entry IP, range, or network address object | The actual IP addresses of remote VPN clients | Source or Destination for firewall access policies that permit IKE and L2TP traffic |
| 4 | Single-entry or multiple-entry IP, range, or network address object | The virtual IP addresses assigned to remote VPN clients (by the TMS zl Module or by an external RADIUS server) | Source or Destination for firewall access policies that permit traffic sent across the VPN |
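As an added example (not code from the TMS zl guide), the following Python script encodes the rule that Table 7-13 implies and checks a set of firewall access policies against it: policies that permit IKE and L2TP should join the module’s address (1) to the clients’ actual addresses (3), while policies for traffic sent across the VPN should join local endpoints (2) to the clients’ virtual addresses (4). The object and policy names are constructed for the example.

```python
from dataclasses import dataclass
# Roles are the figure references 1-4 of Table 7-13.
GATEWAY, LOCAL_ENDPOINTS, CLIENT_REAL, CLIENT_VIRTUAL = 1, 2, 3, 4
# IKE and L2TP are exchanged before the tunnel exists, so their policies must
# name the clients' actual addresses (3), never the virtual pool (4).
CONTROL_SERVICES = {"ike", "l2tp"}

@dataclass(frozen=True)
class NamedObject:
    name: str
    role: int     # one of the four figure references above

@dataclass(frozen=True)
class AccessPolicy:
    name: str
    src: str      # named object used as Source
    dst: str      # named object used as Destination
    service: str  # "ike", "l2tp", or the protocol carried inside the tunnel

def check_policies(objects, policies):
    """Return one finding per policy that uses the wrong named objects."""
    roles = {o.name: o.role for o in objects}
    findings = []
    for p in policies:
        ends = {roles.get(p.src), roles.get(p.dst)}
        if None in ends:
            findings.append(f"{p.name}: references an undefined named object")
        elif p.service in CONTROL_SERVICES and ends != {GATEWAY, CLIENT_REAL}:
            findings.append(f"{p.name}: {p.service} policy must join the module "
                            "address (1) to the clients' actual addresses (3)")
        elif p.service not in CONTROL_SERVICES and ends != {LOCAL_ENDPOINTS, CLIENT_VIRTUAL}:
            findings.append(f"{p.name}: tunneled-traffic policy must join local "
                            "endpoints (2) to the clients' virtual addresses (4)")
    return findings
# Constructed sample configuration; all object and policy names are assumptions.
OBJECTS = [
    NamedObject("vpn-gateway", GATEWAY),
    NamedObject("lan-servers", LOCAL_ENDPOINTS),
    NamedObject("remote-clients", CLIENT_REAL),
    NamedObject("vpn-virtual-pool", CLIENT_VIRTUAL),
]
POLICIES = [
    AccessPolicy("permit-ike", "remote-clients", "vpn-gateway", "ike"),
    AccessPolicy("permit-l2tp", "remote-clients", "vpn-gateway", "l2tp"),
    AccessPolicy("permit-vpn-to-lan", "vpn-virtual-pool", "lan-servers", "http"),
    AccessPolicy("bad-l2tp", "vpn-virtual-pool", "vpn-gateway", "l2tp"),  # virtual pool misused
]
if __name__ == "__main__":
    print("\n".join(check_policies(OBJECTS, POLICIES)) or "all policies consistent")
```

Running the script reports only the last policy, which names the virtual address pool in an L2TP rule that can never match because the client's L2TP packets arrive from its actual address.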