
 

Example 1: IPsec VPN, Site-to-Site

Create Firewall Access Policies for the VPN Traffic

TMS zl Module A

  1. Configure an access policy to permit IKE messages from the remote TMS zl Module to the local TMS zl Module.

     1. Select Firewall > Access Policies > Unicast.
     2. Click Add a Policy.
     3. For Action, accept the default: Permit Traffic.
     4. For From, select EXTERNAL.
     5. For To, select SELF.
     6. For Service, select isakmp.
     7. For Source, select researchGATE.
     8. For Destination, select localVPNgate.
     9. Select the Enable logging on this Policy check box.

        Because policy logging is processor-intensive, it is not recommended that you enable logging permanently. Use policy logging for troubleshooting and testing only.

     10. Click Apply.

  2. Configure an access policy to allow IKE messages from the local TMS zl Module to the remote TMS zl Module:

     1. For Action, accept the default: Permit Traffic.
     2. For From, select SELF.
     3. For To, select EXTERNAL.
     4. For Service, select isakmp.
     5. For Source, select localVPNgate.
     6. For Destination, select researchGATE.
     7. Click Apply.

  3. Create an access policy to permit clients in VLAN_7 to initiate connections with the FTP server:

     1. For Action, accept the default: Permit Traffic.
     2. For From, select ZONE3.
     3. For To, select EXTERNAL.
     4. For Service, select ftp.
     5. For Source, select VLAN_7.
     6. For Destination, select researchFTP.
     7. Click Apply.
     8. Click Close.

TMS zl Module B

  1. Configure an access policy to allow IKE messages from the remote TMS zl Module to the local TMS zl Module.

     1. Select Firewall > Access Policies > Unicast.
     2. Click Add a Policy.
     3. For Action, accept the default: Permit Traffic.
     4. For From, select EXTERNAL.
     5. For To, select SELF.
     6. For Service, select isakmp.
     7. For Source, select mainGATE.
     8. For Destination, select localVPNgate.
     9. Select the Enable logging on this Policy check box.

        Because policy logging is processor-intensive, it is not recommended that you enable logging permanently. Use policy logging for troubleshooting and testing only.

     10. Click Apply.

  2. Configure an access policy to allow IKE messages from the local TMS zl Module to the remote TMS zl Module:

     1. For Action, accept the default: Permit Traffic.
     2. For From, select SELF.
     3. For To, select EXTERNAL.
     4. For Service, select isakmp.
     5. For Source, select localVPNgate.
     6. For Destination, select mainGATE.
     7. Click Apply.

  3. Create an access policy to permit clients in VLAN_7 to initiate connections with the FTP server:

     1. For Action, accept the default: Permit Traffic.
     2. For From, select EXTERNAL.
     3. For To, select DMZ.
     4. For Service, select ftp.
     5. For Source, select VLAN_7.
     6. For Destination, select FTPserver.
     7. Click Apply.
     8. Click Close.

Because the Ignore IPsec policy already blocks the unauthorized addresses, it is not necessary to configure the firewall to deny them.
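The two rule sets above can be checked offline before the tunnel is tested. The following Python sketch is an added example, not part of the product documentation or the TMS zl software: it models each policy with the fields of the Add Policy form, evaluates traffic against them, and audits each module for the IKE permits it needs in both directions and for logging that was left enabled. It assumes address objects are compared by name, that the first matching policy wins, and that unmatched traffic is denied; `decide` and `audit` are hypothetical helper names.

```python
from collections import namedtuple

# Fields mirror the Add Policy form used in the steps above.
Policy = namedtuple(
    "Policy", "action src_zone dst_zone service source destination log")

# Policies as entered on each module (zone and address names from this page).
MODULE_A = [
    Policy("permit", "EXTERNAL", "SELF", "isakmp", "researchGATE", "localVPNgate", True),
    Policy("permit", "SELF", "EXTERNAL", "isakmp", "localVPNgate", "researchGATE", False),
    Policy("permit", "ZONE3", "EXTERNAL", "ftp", "VLAN_7", "researchFTP", False),
]
MODULE_B = [
    Policy("permit", "EXTERNAL", "SELF", "isakmp", "mainGATE", "localVPNgate", True),
    Policy("permit", "SELF", "EXTERNAL", "isakmp", "localVPNgate", "mainGATE", False),
    Policy("permit", "EXTERNAL", "DMZ", "ftp", "VLAN_7", "FTPserver", False),
]


def decide(policies, src_zone, dst_zone, service, source, destination):
    """Return the action of the first matching policy.

    Assumption: traffic that matches no policy is denied.
    """
    wanted = (src_zone, dst_zone, service, source, destination)
    for p in policies:
        if (p.src_zone, p.dst_zone, p.service, p.source, p.destination) == wanted:
            return p.action
    return "deny"


def audit(policies, peer_gateway):
    """List problems in one module's rule set for a tunnel to peer_gateway."""
    findings = []
    ike = [p for p in policies if p.service == "isakmp" and p.action == "permit"]
    # IKE must be permitted in both directions, scoped to the peer gateway.
    if not any(p.dst_zone == "SELF" and p.source == peer_gateway for p in ike):
        findings.append("no inbound IKE permit from " + peer_gateway)
    if not any(p.src_zone == "SELF" and p.destination == peer_gateway for p in ike):
        findings.append("no outbound IKE permit to " + peer_gateway)
    # Policy logging is for troubleshooting only, so report where it is still on.
    for p in policies:
        if p.log:
            findings.append(
                f"logging still enabled on {p.service} {p.src_zone}->{p.dst_zone}")
    return findings
```

Run `audit(MODULE_A, "researchGATE")` and `audit(MODULE_B, "mainGATE")` once testing is finished; the only finding for the rule sets on this page is the inbound IKE policy whose logging has not yet been turned off.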

 
