TMS zl Management and Configuration Guide ST.1.2.100916

7-160
Virtual Private Networks
Configure an L2TP over IPsec VPN
b. For Local Address, type the IP address configured as the local gateway in the IKE policy (indicated by 1 in the figure).
Note You cannot specify an address object when the IPsec proposal specifies transport mode.
c. For Local Port, type 1701.
d. For Remote Address, select Any.
Alternatively, you could specify a specific IP address, range of IP addresses, or subnet (indicated by 3 in the figure). However, this complicates the configuration in one of two ways:
- By default, Windows L2TP clients send their IP address as their local address. Because this setting must match the remote setting exactly, you would need to configure a separate IPsec policy for each L2TP client. You would also have to know the IP address of each client.
- If your L2TP clients have contiguous IP addresses, you can specify a range of IP addresses or a subnet. However, in that case, you could not use the New Connection Wizard to set up the VPN connection on the Windows client; instead, you would have to configure the IPsec settings for the connection manually, making sure to match the local address settings in the IP filter to the setting configured here.
e. Leave the Remote Port field empty.
Note When clients’ traffic reaches the module without being NATed, you can specify 1701 for the port. However, if clients’ traffic is NATed at any point on the way to the TMS zl Module, the port will change, causing the L2TP over IPsec VPN connection to fail. Therefore, you should typically leave the field empty.
9. For Proposal, select the previously configured IPsec proposal.
The IPsec proposal specifies the IPsec mode, IPsec protocol, and the authentication and encryption algorithms that secure the VPN connection. See “Create an IPsec Proposal for an L2TP over IPsec VPN” on page 7-153.
10. Click Next.
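The following is an added illustration, not code from the guide or the TMS zl Module: it models how the address and port settings from steps b through e act as a traffic selector, and shows why leaving Remote Port empty and Remote Address set to Any keeps NATed and out-of-subnet clients matching. All IP addresses and ports are constructed sample values, and the selector model is a simplification (no address ranges, no address objects).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Optional


@dataclass(frozen=True)
class IPsecSelector:
    """Address/port settings of one IPsec policy, seen from the module side."""
    local_addr: str              # local gateway address from the IKE policy
    local_port: Optional[int]    # 1701 for L2TP; None = any
    remote_net: Optional[str]    # None = "Any"; otherwise a host or subnet
    remote_port: Optional[int]   # None = field left empty (any port)


def selector_matches(sel: IPsecSelector, local_ip: str, local_port: int,
                     remote_ip: str, remote_port: int) -> bool:
    """True if a client packet arriving at the module is covered by the policy."""
    if ip_address(local_ip) != ip_address(sel.local_addr):
        return False
    if sel.local_port is not None and local_port != sel.local_port:
        return False
    if sel.remote_net is not None and \
            ip_address(remote_ip) not in ip_network(sel.remote_net, strict=False):
        return False
    if sel.remote_port is not None and remote_port != sel.remote_port:
        return False
    return True


# Constructed sample gateway address (assumption, not from the guide).
GATEWAY = "192.0.2.1"
RECOMMENDED = IPsecSelector(GATEWAY, 1701, None, None)              # Any / empty
STRICT_PORT = IPsecSelector(GATEWAY, 1701, None, 1701)              # Remote Port 1701
SUBNET_ONLY = IPsecSelector(GATEWAY, 1701, "198.51.100.0/24", None)  # subnet instead of Any

# Constructed client packets as they arrive at the module (source IP, source port).
CLIENTS = {
    "direct": ("198.51.100.7", 1701),        # no NAT on the path, port stays 1701
    "nated": ("203.0.113.5", 40123),         # NAT device rewrote the source port
    "remote_office": ("203.0.113.9", 1701),  # no NAT, but outside the subnet
}


def check_clients(sel: IPsecSelector) -> Dict[str, bool]:
    """Evaluate every sample client against one policy; returns name -> matched."""
    return {name: selector_matches(sel, GATEWAY, 1701, ip, port)
            for name, (ip, port) in CLIENTS.items()}
```

With RECOMMENDED every client matches; STRICT_PORT rejects the NATed client, which is the failure the note under step e describes, and SUBNET_ONLY additionally rejects clients outside the configured subnet.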