L2TP VPN
See the L2TP VPN section for related information on these screens.
L2TP VPN Overview
L2TP VPN lets remote users use the L2TP and IPSec client software included with their computers' operating systems to securely connect to the network behind the ZyWALL. The remote users do not need their own IPSec gateways or VPN client software.
The Layer 2 Tunneling Protocol (L2TP) works at layer 2 (the data link layer) to tunnel network traffic between two peers over another network (like the Internet). In L2TP VPN, an IPSec VPN tunnel is established first (see IPSec VPN for information on IPSec) and then an L2TP tunnel is built inside it.
Note: At the time of writing the L2TP remote user must have a public IP address in order for L2TP VPN to work (the remote user cannot be behind a NAT router or a firewall).
IPSec Configuration
You must configure an IPSec VPN connection for L2TP VPN to use (see IPSec VPN for details). The IPSec VPN connection must:
Using the Default L2TP VPN Connection
Default_L2TP_VPN_Connection is pre-configured to be convenient to use for L2TP VPN. If you use it, edit the following.
Configure the local and remote policies as follows.
- For the Local Policy, create a host-type address object that contains the My Address IP address configured in Default_L2TP_VPN_GW. Use this address object in the local policy.
- For the Remote Policy, create a host-type address object with the IP address 0.0.0.0. Use this address object in the remote policy.
You must also edit the Default_L2TP_VPN_GW gateway entry.
Policy Route
You must configure a policy route to let remote users access resources on a network behind the ZyWALL.
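The checks above (host-type local policy matching the gateway's My Address, host-type remote policy of 0.0.0.0, and a policy route for the tunnel) can be verified before bringing a tunnel up. The following is an added example, not ZyWALL code; it validates a constructed configuration held in a plain Python dict whose layout is hypothetical.

```python
from ipaddress import ip_address

# Constructed sample of an L2TP VPN setup in a hypothetical dict layout
# (not the device's real configuration format).
SAMPLE_CONFIG = {
    "address_objects": {
        "L2TP_Local": {"type": "host", "address": "203.0.113.10"},
        "L2TP_Remote": {"type": "host", "address": "0.0.0.0"},
    },
    "vpn_gateways": {"Default_L2TP_VPN_GW": {"my_address": "203.0.113.10"}},
    "vpn_connections": {
        "Default_L2TP_VPN_Connection": {
            "gateway": "Default_L2TP_VPN_GW",
            "local_policy": "L2TP_Local",
            "remote_policy": "L2TP_Remote",
        }
    },
    "policy_routes": [
        {"incoming": "Default_L2TP_VPN_Connection", "destination": "LAN_SUBNET"}
    ],
    "l2tp": {"enabled": True, "vpn_connection": "Default_L2TP_VPN_Connection"},
}


def check_l2tp_config(cfg):
    """Return a list of problems; an empty list means the requirements are met."""
    problems = []
    l2tp = cfg["l2tp"]
    conn = cfg["vpn_connections"].get(l2tp["vpn_connection"])
    if conn is None:
        return [f"L2TP references unknown VPN connection {l2tp['vpn_connection']!r}"]
    gw = cfg["vpn_gateways"].get(conn["gateway"], {})
    objs = cfg["address_objects"]
    local = objs.get(conn["local_policy"])
    remote = objs.get(conn["remote_policy"])
    # Local policy: host object whose address is the gateway's My Address.
    if local is None or local["type"] != "host":
        problems.append("local policy must be a host-type address object")
    elif local["address"] != gw.get("my_address"):
        problems.append("local policy address must equal the gateway's My Address")
    # Remote policy: host object with 0.0.0.0, so any remote user can match.
    if (remote is None or remote["type"] != "host"
            or ip_address(remote["address"]) != ip_address("0.0.0.0")):
        problems.append("remote policy must be a host-type object with address 0.0.0.0")
    # Policy route: remote users need one to reach the network behind the ZyWALL.
    if not any(r["incoming"] == l2tp["vpn_connection"] for r in cfg["policy_routes"]):
        problems.append("no policy route for traffic arriving on the L2TP VPN connection")
    return problems
```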
L2TP VPN Configuration
Use this screen to configure the ZyWALL's L2TP VPN settings.
Note: Disconnect any existing L2TP VPN sessions before modifying L2TP VPN settings. The remote users must make any needed matching configuration changes and re-establish the sessions using the new settings.
VPN > IPSec VPN > VPN Connection
| Label | Description |
| --- | --- |
| Enable L2TP Over IPSec | Use this field to turn the ZyWALL's L2TP VPN function on or off. |
| VPN Connection | Select the IPSec VPN connection the ZyWALL uses for L2TP VPN. All of the configured VPN connections display here, but the one you use must meet the requirements listed in IPSec Configuration. Note: Modifying this VPN connection (or the VPN gateway that it uses) disconnects any existing L2TP VPN sessions. |
| IP Address Pool | Select the pool of IP addresses that the ZyWALL assigns to the L2TP VPN clients. Select Create Object to configure a new pool of IP addresses. |
| Authentication Method | Select how the ZyWALL authenticates a remote user before allowing access to the L2TP VPN tunnel. The authentication method has the ZyWALL check a user's user name and password against the ZyWALL's local database, a remote LDAP server, a RADIUS server, an Active Directory server, or more than one of these. See Authentication Objects for how to create authentication method objects. |
| Allowed User | The remote user must log into the ZyWALL to use the L2TP VPN tunnel. Select a user or user group that can use the L2TP VPN tunnel. Select Create Object to configure a new user account (see User Add/Edit for details). Otherwise, select any to allow any user with a valid account and password on the ZyWALL to log in. |
| Keep Alive Timer | The ZyWALL sends a Hello message after waiting this long without receiving any traffic from the remote user. The ZyWALL disconnects the VPN tunnel if the remote user does not respond. |
| First DNS Server, Second DNS Server | Specify the IP addresses of DNS servers to assign to the remote users. You can specify these IP addresses two ways. Custom Defined: enter a static IP address. From ISP: use the IP address of a DNS server that another interface received from its DHCP server. |
| First WINS Server, Second WINS Server | The WINS (Windows Internet Naming Service) server keeps a mapping table of the computer names on your network and the IP addresses that they are currently using. Type the IP addresses of up to two WINS servers to assign to the remote users. You can specify these IP addresses two ways. |
| Apply | Click Apply to save your changes in the ZyWALL. |
| Reset | Click Reset to start configuring this screen afresh. |
L2TP VPN Session Monitor
Use this screen to display and manage the ZyWALL's connected L2TP VPN sessions.