This example shows how to set up an L2TP Network Server. The example assumes that you have already created
some address objects in the Address Book. You will have to specify the IP address of the L2TP server interface,
an outer IP address (the address the L2TP server should listen on) and an IP pool from which the L2TP server
will hand out IP addresses to the clients. The interface on which the L2TP server accepts connections is a
virtual IPsec tunnel, which is not illustrated in this example.
CLI
gw-world:/> add Interface L2TPServer MyL2TPServer ServerIP=ip_l2tp
Interface=l2tp_ipsec IP=wan_ip IPPool=L2TP_Pool TunnelProtocol=L2TP
AllowedRoutes=all-nets
Web Interface
1. Go to Interfaces > L2TP Servers > Add > L2TPServer
2. Enter a suitable name for the L2TP Server, for example MyL2TPServer
3. Now enter:
   • Inner IP Address: ip_l2tp
   • Tunnel Protocol: L2TP
   • Outer Interface Filter: l2tp_ipsec
   • Outer Server IP: wan_ip
4. Under the PPP Parameters tab, select L2TP_Pool in the IP Pool control
5. Under the Add Route tab, select all-nets in the Allowed Networks control
6. Click OK
Use User Authentication Rules is enabled by default. To authenticate the users of the PPTP tunnel, you
also need to configure authentication rules, which are not covered in this example.
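The following pre-deployment check is an added example, not part of the original manual or of NetDefendOS. It parses "add Interface L2TPServer" commands in the form shown above and reports a server that lacks one of the parameters the text says must be specified, or whose Interface is not an IPsec tunnel. The function names, the caller-supplied set of IPsec tunnel names and the second sample command are assumptions made for illustration.

```python
import re

PROMPT = re.compile(r"^\S+:/\S*>\s*")                 # e.g. "gw-world:/> "
REQUIRED = ("ServerIP", "Interface", "IP", "IPPool")  # parameters named in the text


def commands(text):
    """Rejoin wrapped lines: a command starts at a prompt or at 'add '."""
    out = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        body = PROMPT.sub("", line)
        if body != line or body.startswith("add ") or not out:
            out.append(body)
        else:
            out[-1] += " " + body          # continuation of the previous command
    return out


def lint(text, ipsec_tunnels):
    """Check each L2TPServer; ipsec_tunnels is supplied by the caller."""
    findings = []
    for cmd in commands(text):
        tok = cmd.split()
        if tok[:3] != ["add", "Interface", "L2TPServer"] or len(tok) < 4:
            continue
        name = tok[3]
        props = dict(t.split("=", 1) for t in tok[4:] if "=" in t)
        findings += [f"{name}: missing {k}" for k in REQUIRED if k not in props]
        iface = props.get("Interface")
        if iface is not None and iface not in ipsec_tunnels:
            findings.append(f"{name}: Interface={iface} is not an IPsec tunnel")
    return findings


# The command from the example, wrapped as printed on the page.
PAGE_CMD = """gw-world:/> add Interface L2TPServer MyL2TPServer ServerIP=ip_l2tp
Interface=l2tp_ipsec IP=wan_ip IPPool=L2TP_Pool TunnelProtocol=L2TP
AllowedRoutes=all-nets"""
# Constructed variant: bound to a physical interface "wan" (hypothetical), no pool.
BAD_CMD = "add Interface L2TPServer Plain ServerIP=ip_l2tp Interface=wan IP=wan_ip"

if __name__ == "__main__":
    for sample in (PAGE_CMD, BAD_CMD):
        print(lint(sample, ipsec_tunnels={"l2tp_ipsec"}))
```

An L2TP server bound to anything other than an IPsec tunnel would accept L2TP sessions without IPsec protection, which is why the check treats that binding as a finding.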
Example 9.12. Setting up an L2TP Tunnel Over IPsec
This example shows how to set up a fully working L2TP tunnel based on IPsec encryption and covers many
parts of basic VPN configuration. Before starting, you need to configure some address objects, for example the
network that is going to be assigned to the L2TP clients. Proposal lists and a PSK are needed as well. Here we
will use the objects created in previous examples.
A local user database will be used to authenticate the users of the L2TP tunnel.
A. Start by preparing a new Local User Database:
CLI
gw-world:/> add LocalUserDatabase UserDB
gw-world:/> cc LocalUserDatabase UserDB
gw-world:/UserDB> add User testuser Password=mypassword
Web Interface
1. Go to User Authentication > Local User Databases > Add > Local User Database
2. Enter a suitable name for the user database, for example UserDB
3. Go to User Authentication > Local User Databases > UserDB > Add > User
4. Now enter:
   • Username: testuser
9.5.2. L2TP Servers
Chapter 9. VPN