
Example 6: L2TP over IPsec, Client-to-Site

Create Firewall Access Policies for the VPN Traffic

TMS zl Module

Windows 2000/XP VPN Client

  1. Select Firewall > Access Policies > Unicast.

  2. Click Add a Policy.

  3. Permit IKE traffic from the remote clients to the TMS zl Module:

     a. Ensure that the user group is None.

     b. For Action, accept the default: Permit Traffic.

     c. For From, select EXTERNAL.

     d. For To, select SELF.

     e. For Service, select isakmp.

     f. For Source, select L2TPclients.

     g. For Destination, select localVPNgate.

     h. Select the Enable logging on this Policy check box.

        Because policy logging is processor-intensive, it is not recommended that you enable logging permanently. Use policy logging for troubleshooting and testing only.

     i. Click Apply.

  4. Permit L2TP traffic from the remote clients to the TMS zl Module:

     a. For Action, accept the default: Permit Traffic.

     b. For From, select EXTERNAL.

     c. For To, select SELF.

     d. For Service, select l2tp-udp.

     e. For Source, select L2TPclients.

     f. For Destination, select localVPNgate.

     g. Click Apply.

  5. Permit traffic from VLAN44 to the remote clients:

     a. From the User Group list, select L2TPuserGP.

     b. For Action, accept the default: Permit Traffic.

     c. For From, select INTERNAL.

     d. For To, select EXTERNAL.

     e. For Service, select Any Service.

     f. For Source, select VLAN44.

     g. For Destination, select L2TPclientsVIR.

     h. Click Apply.

  6. Permit traffic from the remote clients to VLAN44:

     a. For Action, accept the default: Permit Traffic.

     b. For From, select EXTERNAL.

     c. For To, select INTERNAL.

     d. For Service, select Any Service.

     e. For Source, select L2TPclientsVIR.

     f. For Destination, select VLAN44.

     g. Click Apply.

     h. Click Close.
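
The four access policies above, modeled as data with a first-match evaluator so the rule set can be checked flow by flow. This is an added example, not HP's code or the module's own logic. The addresses behind L2TPclients, localVPNgate, VLAN44 and L2TPclientsVIR are constructed placeholders, the service objects are assumed to use the standard ports, unmatched traffic is assumed to be denied, and user-group matching is not modeled.

```python
import ipaddress
from dataclasses import dataclass

# Constructed placeholder values for the page's named address objects;
# the real values come from the address objects defined on the module.
ADDR = {
    "L2TPclients":    "198.51.100.0/24",
    "localVPNgate":   "192.0.2.1/32",
    "VLAN44":         "10.1.44.0/24",
    "L2TPclientsVIR": "10.1.50.0/24",
}
# Assumption: the service objects map to the standard ISAKMP and L2TP ports.
SERVICES = {"isakmp": ("udp", 500), "l2tp-udp": ("udp", 1701), "Any Service": None}

@dataclass(frozen=True)
class Policy:
    src_zone: str
    dst_zone: str
    service: str
    source: str
    destination: str

# The four policies in the order the procedure creates them.
POLICIES = [
    Policy("EXTERNAL", "SELF", "isakmp", "L2TPclients", "localVPNgate"),
    Policy("EXTERNAL", "SELF", "l2tp-udp", "L2TPclients", "localVPNgate"),
    Policy("INTERNAL", "EXTERNAL", "Any Service", "VLAN44", "L2TPclientsVIR"),
    Policy("EXTERNAL", "INTERNAL", "Any Service", "L2TPclientsVIR", "VLAN44"),
]

def _in(ip, name):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(ADDR[name])

def match(src_zone, dst_zone, proto, dport, src_ip, dst_ip):
    """Return the 1-based number of the first matching policy, or None (assumed deny)."""
    for n, p in enumerate(POLICIES, start=1):
        if (p.src_zone, p.dst_zone) != (src_zone, dst_zone):
            continue
        svc = SERVICES[p.service]
        if svc is not None and svc != (proto, dport):
            continue
        if _in(src_ip, p.source) and _in(dst_ip, p.destination):
            return n
    return None

def any_service_policies():
    """List policies that permit every service, for review when tightening the rule set."""
    return [n for n, p in enumerate(POLICIES, 1) if SERVICES[p.service] is None]
```

Under these policies a client's public address reaches only the VPN gateway on the IKE and L2TP ports; VLAN44 is reachable only from the virtual addresses assigned inside the tunnel.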

Windows 2000/XP VPN Client

  1. Click the Security tab.

  2. Click IPSec Settings.

  3. Select the Use pre-shared key for authentication check box and type WindowsL2tpKEY.

  4. Click OK to close the Main Campus Properties window and return to the Connect Main Campus window.

  5. Click Connect. After a minute or so, you should see a message that informs you that the connection was successful.
