270 01-28006-0014-20041105 Fortinet Inc.
L2TP VPN
Setting up a L2TP-based VPN
To set up an L2TP VPN, you must configure both the FortiWiFi unit and the remote Windows client.
To create an L2TP VPN configuration
1 Add a user group to the FortiWiFi unit.
The L2TP clients must be authenticated before being allowed to start a VPN tunnel. To enable authentication, you must add a user group to the FortiWiFi unit. Within the user group, add a user for each L2TP client. You can add users to the FortiWiFi user database, to authentication servers (RADIUS or LDAP), or to both. See “Users and authentication” on page 239.
2 Enable L2TP and specify an L2TP address range.
The L2TP address range is the range of addresses reserved for remote L2TP clients. When a remote L2TP client connects to the internal network using L2TP, the client computer is assigned an IP address from this range. The L2TP address range can be on any subnet. See “Enabling L2TP and specifying an L2TP range” on page 270.
3 Add a source address.
The source address is the L2TP range. See “To add an address” on page 206.
4 Add a destination address.
The destination address is the address to which the L2TP clients can connect. For example, if the destination address is on the internal network, you would create an external-to-internal policy to control the access that L2TP users have through the FortiWiFi unit. Typically you would add only one destination address, for the entire internal subnetwork. See “To add an address” on page 206.
5 Add an external-to-internal firewall policy.
The firewall policy specifies the source and destination addresses and sets the service for the policy to the traffic type inside the L2TP VPN tunnel. For example, if you want L2TP clients to be able to access a web server, set the service to HTTP. Restrict the service to what the clients actually need: a policy whose service is ANY gives every authenticated L2TP user unrestricted access to the destination address. See “To add a firewall policy” on page 202.
6 Configure the Windows client. See:
• Configuring a Windows 2000 client for L2TP.
• Configuring a Windows XP client for L2TP.
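The five FortiWiFi-side steps above, combined into one CLI configuration. This is an added example, not a command listing from this manual: the command and keyword names follow the FortiOS 2.80 CLI as best recalled and should be checked against the “CLI configuration” sections of this manual before use, and every name and address in it is a made-up sample value (user jsmith, group l2tp_users, L2TP range 10.10.10.1 to 10.10.10.50, web server 192.168.1.20, policy ID 10, interface names external and internal taken from the page's wording rather than from a unit).

```fortios
# Step 1: a local user and the user group that L2TP clients must belong to.
# Sample names; in practice use RADIUS or LDAP, or both, as the page allows.
config user local
    edit jsmith
        set type password
        set passwd "replace-with-a-strong-password"
    next
end
config user group
    edit l2tp_users
        set member jsmith
    next
end

# Step 2: enable L2TP, reserve the client address range (sip = start, eip = end)
# and bind the tunnel to the user group so unauthenticated clients cannot connect.
config vpn l2tp
    set status enable
    set sip 10.10.10.1
    set eip 10.10.10.50
    set usrgrp l2tp_users
end

# Step 3: source address object that covers exactly the L2TP range and nothing more.
config firewall address
    edit L2TP_clients
        set type iprange
        set start-ip 10.10.10.1
        set end-ip 10.10.10.50
    next
# Step 4: destination address. The page's typical choice is the whole internal
# subnet; a single host (sample value 192.168.1.20) is the tighter option.
    edit Internal_web
        set type ipmask
        set subnet 192.168.1.20 255.255.255.255
    next
end

# Step 5: external-to-internal policy. The service is HTTP, not ANY, so the
# tunnel only carries the traffic type the clients are meant to use.
config firewall policy
    edit 10
        set srcintf external
        set dstintf internal
        set srcaddr L2TP_clients
        set dstaddr Internal_web
        set action accept
        set schedule always
        set service HTTP
    next
end
```

After entering the configuration, `show vpn l2tp` and `show firewall policy` display what the unit actually stored, which is the quickest way to catch a mistyped range or a policy that silently defaulted to service ANY. The Windows client (step 6) then authenticates with the credentials of the user added in step 1.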
Enabling L2TP and specifying an L2TP range
The L2TP address range is the range of addresses reserved for remote L2TP clients.
When a remote Windows client connects to the internal network using L2TP, the client
computer is assigned an IP address from this range. The L2TP address range can be
on any subnet.