
Example 1: IPsec VPN, Site-to-Site

Create Named Objects

The final step after creating a VPN is to create firewall access policies to permit the VPN traffic. But before you create your firewall access policies, it is a good idea to create named objects that contain the addresses and/or services that you will need.

For this example, you will need address objects for the remote and local gateways, for the local users, and for the remote destination. The objects on each site can have any name that you want.

TMS zl Module A

  1. Select Firewall > Access Policies > Addresses.

  2. Click Add an Address.

  3. Create a domain name address object for the remote gateway.

     1. For Name, type researchGATE.

     2. For Type, select Domain name.

     3. Type research.procurveu.edu.

     4. Click Apply.

     When the TMS zl Module evaluates a firewall access policy that contains a domain name that cannot be resolved, it terminates evaluation and denies the session. As a result of this safeguard, a DNS failure can deny traffic that would otherwise be allowed by subsequent policies. A best practice is to place policies that use domain names at the end of the policy list to mitigate the impact of DNS failures.

  4. Create a single-entry IP address object for the local gateway.

     1. For Name, type localVPNgate.

     2. For Type, select IP.

     3. Select Single-entry and type 172.16.1.99.

     4. Click Apply.

  5. Create a single-entry IP address object for the FTP server.

     1. For Name, type researchFTP.

     2. For Type, select IP.

     3. Select Single-entry and type 192.0.2.55.

     4. Click Apply.

     5. Click Close.

  6. Create a single-entry network address object for VLAN_7.

     1. For Name, type VLAN_7.

     2. For Type, select Network.

     3. Select Single-entry and type 10.1.7.0/24.

     4. Click Apply.

  7. Create a single-entry IP range object for the omitted range.

     1. For Name, type omitRANGE.

     2. For Type, select Range.

     3. Select Single-entry and type 10.1.7.50-10.1.7.100.

     4. Click Apply.

     5. Click Close.

TMS zl Module B

  1. Select Firewall > Access Policies > Addresses.

  2. Click Add an Address.

  3. Create a single-entry IP address object for the remote gateway.

     1. For Name, type mainGATE.

     2. For Type, select IP.

     3. Select Single-entry and type 172.16.1.99.

     4. Click Apply.

  4. Create a domain name address object for the local gateway.

     1. For Name, type localVPNgate.

     2. For Type, select Domain name.

     3. Type research.procurveu.edu.

     4. Click Apply.

  5. Create a single-entry IP address object for the FTP server.

     1. For Name, type FTPserver.

     2. For Type, select IP.

     3. Select Single-entry and type 192.0.2.55.

     4. Click Apply.

     5. Click Close.

  6. Create a single-entry network address object for VLAN_7.

     1. For Name, type VLAN_7.

     2. For Type, select Network.

     3. Select Single-entry and type 10.1.7.0/24.

     4. Click Apply.
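The paragraph above on domain names that cannot be resolved is easier to reason about with a small model of ordered policy evaluation. The following Python sketch is an added example, not code from the TMS zl Module or its documentation: it uses the Module A address objects from this page, while the policy lists, the first-match evaluation order, and the resolved address used for testing are assumptions constructed for illustration.

```python
import ipaddress

# Address objects created on Module A above. The policy lists further down
# and any resolved address passed in as dns are constructed for illustration.
OBJECTS = {
    "researchGATE": ("domain", "research.procurveu.edu"),
    "localVPNgate": ("ip", "172.16.1.99"),
    "researchFTP": ("ip", "192.0.2.55"),
    "VLAN_7": ("network", "10.1.7.0/24"),
    "omitRANGE": ("range", "10.1.7.50-10.1.7.100"),
}

def resolve(name, dns):
    """Return (type, value); value is None for an unresolvable domain name."""
    kind, value = OBJECTS[name]
    return ("ip", dns.get(value)) if kind == "domain" else (kind, value)

def contains(kind, value, addr):
    ip = ipaddress.ip_address(addr)
    if kind == "ip":
        return ip == ipaddress.ip_address(value)
    if kind == "network":
        return ip in ipaddress.ip_network(value)
    low, high = (ipaddress.ip_address(part) for part in value.split("-"))
    return low <= ip <= high

def evaluate(policies, src, dst, dns):
    """Walk the list in order (assumed first match wins); return (action, reason)."""
    for position, (action, src_obj, dst_obj) in enumerate(policies, 1):
        (src_kind, src_val), (dst_kind, dst_val) = resolve(src_obj, dns), resolve(dst_obj, dns)
        if src_val is None or dst_val is None:
            # Behaviour from the note: evaluation stops and the session is denied.
            return "deny", f"policy {position}: unresolved domain name"
        if contains(src_kind, src_val, src) and contains(dst_kind, dst_val, dst):
            return action, f"matched policy {position}"
    return "deny", "no policy matched"

# Constructed policies: (action, source object, destination object).
GATEWAY = ("permit", "localVPNgate", "researchGATE")  # depends on DNS
OMIT = ("deny", "omitRANGE", "researchFTP")
FTP = ("permit", "VLAN_7", "researchFTP")
DOMAIN_FIRST = [GATEWAY, OMIT, FTP]
DOMAIN_LAST = [OMIT, FTP, GATEWAY]

if __name__ == "__main__":
    for label, policies in (("domain first", DOMAIN_FIRST), ("domain last", DOMAIN_LAST)):
        # An empty dict simulates a DNS outage.
        print(label, evaluate(policies, "10.1.7.20", "192.0.2.55", {}))
```

With the domain-name policy first, a DNS outage denies the VLAN_7 to FTP server session that has nothing to do with the name; with it last, only the traffic that actually depends on research.procurveu.edu is affected.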

 
