L2TP VPN

See the L2TP VPN section for related information on these screens.

L2TP VPN Overview

L2TP VPN lets remote users use the L2TP and IPSec client software included with their computers' operating systems to securely connect to the network behind the ZyWALL. The remote users do not need their own IPSec gateways or VPN client software.

The Layer 2 Tunneling Protocol (L2TP) works at layer 2 (the data link layer) to tunnel network traffic between two peers over another network (like the Internet). In L2TP VPN, an IPSec VPN tunnel is established first (see IPSec VPN for information on IPSec) and then an L2TP tunnel is built inside it.
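As an added example that is not part of this ZyWALL documentation, the following Python parses the L2TPv2 header and control-message AVPs (RFC 2661) that travel inside the IPSec tunnel described above; the sample packet bytes are constructed for the example, and the parser rejects malformed length fields rather than reading past the datagram.

```python
# Added example (not from the ZyWALL documentation): parser for the L2TPv2 header
# and control-message AVPs (RFC 2661), the layer carried inside the IPSec tunnel.
import struct

def parse_avps(buf: bytes) -> list:
    """Return [(mandatory, hidden, vendor_id, attr_type, value), ...]."""
    avps, off = [], 0
    while off < len(buf):
        if off + 6 > len(buf):
            raise ValueError("truncated AVP header")
        fl, vendor, attr = struct.unpack_from("!HHH", buf, off)
        length = fl & 0x03FF                    # 10-bit total AVP length
        if length < 6 or off + length > len(buf):
            raise ValueError("bad AVP length")
        avps.append((bool(fl & 0x8000), bool(fl & 0x4000), vendor, attr,
                     buf[off + 6:off + length]))
        off += length
    return avps

def parse_l2tp(pkt: bytes) -> dict:
    """Parse one L2TP datagram (UDP/1701 payload); ValueError if malformed."""
    if len(pkt) < 6:
        raise ValueError("too short for an L2TP header")
    flags = struct.unpack_from("!H", pkt, 0)[0]
    if flags & 0x000F != 2:
        raise ValueError("unsupported L2TP version %d" % (flags & 0x000F))
    t, l_bit, s_bit, o_bit = (bool(flags & m) for m in (0x8000, 0x4000, 0x0800, 0x0200))
    off = 2
    if l_bit:                                   # optional Length field
        length = struct.unpack_from("!H", pkt, off)[0]
        if length > len(pkt):
            raise ValueError("length field exceeds datagram")
        pkt, off = pkt[:length], off + 2
    tunnel_id, session_id = struct.unpack_from("!HH", pkt, off)
    off += 4
    ns, nr = struct.unpack_from("!HH", pkt, off) if s_bit else (None, None)
    off += 4 if s_bit else 0                    # Ns/Nr present only with the S bit
    if o_bit:                                   # Offset Size plus padding (data messages)
        off += 2 + struct.unpack_from("!H", pkt, off)[0]
    return {"control": t, "tunnel_id": tunnel_id, "session_id": session_id,
            "ns": ns, "nr": nr, "payload": pkt[off:],
            "avps": parse_avps(pkt[off:]) if t else []}

def build_avp(attr: int, value: bytes, mandatory: bool = True) -> bytes:
    return struct.pack("!HHH", (0x8000 if mandatory else 0) | (6 + len(value)), 0, attr) + value

# Constructed sample: a SCCRQ (Message Type 1, Protocol Version 1.0, Host Name, Assigned Tunnel ID 7).
SCCRQ_BODY = (build_avp(0, b"\x00\x01") + build_avp(2, b"\x01\x00")
              + build_avp(7, b"remote-pc") + build_avp(9, b"\x00\x07"))
SAMPLE_SCCRQ = struct.pack("!HHHHHH", 0xC802, 12 + len(SCCRQ_BODY), 0, 0, 0, 0) + SCCRQ_BODY
```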

Note: At the time of writing, the L2TP remote user must have a public IP address for L2TP VPN to work (the remote user cannot be behind a NAT router or a firewall).

IPSec Configuration

You must configure an IPSec VPN connection for L2TP VPN to use (see IPSec VPN for details). The IPSec VPN connection must:

Using the Default L2TP VPN Connection

Default_L2TP_VPN_Connection is pre-configured to be convenient to use for L2TP VPN. If you use it, edit the following.

Configure the local and remote policies as follows.

You must also edit the Default_L2TP_VPN_GW gateway entry.

Policy Route

You must configure a policy route to let remote users access resources on a network behind the ZyWALL.

L2TP VPN Configuration

Use this screen to configure the ZyWALL's L2TP VPN settings.

Note: Disconnect any existing L2TP VPN sessions before modifying L2TP VPN settings. The remote users must make any needed matching configuration changes and re-establish the sessions using the new settings.

VPN > IPSec VPN > VPN Connection

Label
Description
Enable L2TP Over IPSec
Use this field to turn the ZyWALL's L2TP VPN function on or off.
VPN Connection
Select the IPSec VPN connection the ZyWALL uses for L2TP VPN. All of the configured VPN connections display here, but the one you use must meet the requirements listed in IPSec Configuration.

Note: Modifying this VPN connection (or the VPN gateway that it uses) disconnects any existing L2TP VPN sessions.

IP Address Pool
Select the pool of IP addresses from which the ZyWALL assigns addresses to the L2TP VPN clients. Select Create Object to configure a new pool of IP addresses.
Authentication Method
Select how the ZyWALL authenticates a remote user before allowing access to the L2TP VPN tunnel.
The authentication method has the ZyWALL check a user's user name and password against the ZyWALL's local database, a remote LDAP, RADIUS, or Active Directory server, or more than one of these. See Authentication Objects for how to create authentication method objects.
Allowed User
The remote user must log into the ZyWALL to use the L2TP VPN tunnel.
Select a user or user group that can use the L2TP VPN tunnel. Select Create Object to configure a new user account (see User Add/Edit for details). Otherwise, select any to allow any user with a valid account and password on the ZyWALL to log in.
Keep Alive Timer
The ZyWALL sends a Hello message after waiting this long without receiving any traffic from the remote user. The ZyWALL disconnects the VPN tunnel if the remote user does not respond.
First DNS Server
Second DNS Server
Specify the IP addresses of the DNS servers to assign to the remote users. You can specify these IP addresses in two ways.
Custom Defined - enter a static IP address.
From ISP - use the IP address of a DNS server that another interface received from its DHCP server.
First WINS Server
Second WINS Server
The WINS (Windows Internet Naming Service) server keeps a mapping table of the computer names on your network and the IP addresses that they are currently using.
Type the IP addresses of up to two WINS servers to assign to the remote users. You can specify these IP addresses in the same two ways as the DNS servers (Custom Defined or From ISP).
Apply
Click Apply to save your changes in the ZyWALL.
Reset
Click Reset to start configuring this screen afresh.

L2TP VPN Session Monitor

Use this screen to display and manage the ZyWALL's connected L2TP VPN sessions.

VPN > L2TP VPN > Session Monitor

Label
Description
#
This is the index number of a current L2TP VPN session.
User Name
This field displays the remote user's user name.
Hostname
This field displays the name of the computer that has this L2TP VPN connection with the ZyWALL.
Assigned IP
This field displays the IP address that the ZyWALL assigned for the remote user's computer to use within the L2TP VPN tunnel.
Public IP
This field displays the public IP address that the remote user is using to connect to the Internet.
Disconnect
Click the Disconnect icon next to an L2TP VPN connection to disconnect it.
Refresh
Click Refresh to update the information in the display.