Create a Layer 2 IPsec VPN service. For more information, see Configure Layer 2 IPsec VPN Services.
For Layer 2 IPsec VPN tunnels, all management servers (CAPWAP, Syslog, SNMP, NTP, RADIUS, Active Directory, and LDAP) should be reachable from the VPN client without tunneling by default. However, you might want to tunnel some or all management traffic from the VPN client to servers on the main network. Use the following procedure to specify which types of management traffic VPN clients send through the tunnel and which types they forward locally.
Note
Set the following options only when the servers are in a different subnet from that of the tunnel interface. When they are in the same subnet, tunneling is automatic. In addition, the IP address/host name objects for the following servers must have IP address definitions as opposed to host name definitions.