VPN Examples

Some detailed, step-by-step examples are presented below to show you how to configure various types of VPNs on the Threat Management Services (TMS) zl Module.

 

VPN Protocol

Key Negotiation

Type

Remote Endpoints

Example 1

IPsec

IKEv1

Site-to-Site

  • TMS zl Module

Example 2

IPsec

IKEv1

Client-to-Site

  • TMS zl ModuleHP ProCurve client

  • IPSecuritas client

Example 3

IPsec

IKEv1

Site-to-Site

  • Secure Router 7000dl

Example 4

GRE

n/a

Site-to-Site

  • TMS zl Module

Example 5

GRE over IPsec

manual

Site-to-Site

  • TMS zl Module

Example 6

L2TP over IPsec

IKEv1

Client-to-Site

  • Windows 2000, XP, Vista clients

Example 1: IPsec VPN, Site-to-Site

In Example 1, you will see how to configure a site-to-site IPsec VPN that connects the faculty department to a remote research facility. Both ends of the VPN tunnel terminate at a TMS zl Module. The users on Site 1 are behind a NAT device. The VPN will permit only some users from VLAN_7 on Site 1 to access the FTP server on Site 2.

Go to Example 1

Example 2: IPsec VPN, Client-to-Site

In Example 2, you will see how to configure a client-to-site VPN that permits multiple remote users to access the main office. The VPN will be created using IKE, and for the ProCurve VPN client, you will use IKE mode config to assign addresses that are valid on the private network to the VPN clients. Separate instructions are provided for the IPSecuritas VPN client for Macintosh.

 

Go to Example 2

Example 3: IPsec VPN, Site-to-Site, to a Secure Router 7203dl

In Example 3, you will see how to configure a tunnel mode site-to-site VPN, using IKE, between a TMS zl Module and an HP ProCurve Secure Router 7203dl.

Go to Example 3

Example 4: GRE Tunnel, Site-to-Site

In Example 4, you will see how to configure a GRE Generic Routing Encapsulation tunnel between two TMS zl Modules on the same LAN.

Go to Example 4

Example 5: GRE over IPsec, Site-to-Site, with Manual Keying

Example 5 is similar to Example 4, but in this case, the GRE tunnel crosses the Internet and will therefore be secured with IPsec.

Go to Example 5

 

Example 6: L2TP over IPsec,  Client-to-Site

In Example 6, you will see how to configure L2TP Layer 2 Tunneling Protocol over IPsec between a TMS zl Module and two Windows 2000/XP VPN clients. A link to an equivalent Windows Vista setup is included.

 

 

Go to Example 6