How to Configure l2tp Over Ipsec

8/11/2019 How to Configure l2tp Over Ipsec

http://slidepdf.com/reader/full/how-to-configure-l2tp-over-ipsec 1/14

2007 May 1

L2TP over ISPEC

For roaming user

VPN-Gateway

1.1.1.1

Road Warrior

Windows XP

SP2

Company

Network

192.168.123.0/24

5.5.5.60

L2TP-over-IPSEC Tunnel

DFL-1600



2007 May 2

L2TP over ISPEC

For roaming user



2007 May 3

L2TP over ISPEC

For roaming user DFL 1600 settings 1/7

1Create the IP pools, L2tp-server’s IP address and

change the IP of wan1 and lan1, subnet mask of

lan1 and wan1, under the Address Book

2Under Authentication Objects, create a

pre-share key for the usage of IPSEC

tunnel



2007 May 4

L2TP over ISPEC


3 Under the Interfaces, create the IPSEC

interface for roaming users.

1. Why I select the Local Network to wan1_ip ?

Because we shall let the remote roaming users

knowing the firewall is a final destination.Or you can set this value to all-nets , let the DFL

unit auto search suitable policy.

2. Due to we don’t know the roaming user address

,we also let DFL unit auto search suitable policy.



2007 May 5

L2TP over ISPEC


4

Under the authentication, select the pre-

shared key “ipsec- pre” that we created in

step 2

5In this scenario we have no use the Xauth feature.

Under the Routing field, enable the function of

“Dynam ically Add Route To Remote Net..”



2007 May 6

L2TP over ISPEC


6

Under IKE Settings:

IKEMode: Main (Mainmode)

DHGroup: 2

PFS: NoneSetupSAPer: Host (Per host)

DeadPeerDetection: Yes

NATTraversal: OnIfNeeded (Only if

needed)

Disable Keep-alive feature

Under Advanced : AutoInterfaceNetworkRoute: No



2007 May 7

L2TP over ISPEC


7Under Interfaces field, add L2TP server’s interface, below is a step-by-step settings.

Note the field of “Outer Interface Filter” shall set to IPSEC interface which is created at

STEP 3



2007 May 8

L2TP over ISPEC


8 Add Loc al User Database

Add User Authent icat ion rule



2007 May 9

L2TP over ISPEC


9 Add Interface Grou pes, grouping the interface of L2TP and

LAN1 for easy setup.

Create IP Rules set, allow bi-direction traffic between the

interfaces of L2TP and lan1.



2007 May 10

L2TP over ISPEC

For roaming user Windows XP settings 1/3

1Checking the status of IPSEC servic e on Windows XP to make sure the IPSEC service

is enabled.



2007 May 11

L2TP over ISPEC


1Under the Network Connections--->Create a new connection and following the procedure

as below to set it up.



2007 May 12

L2TP over ISPEC


2 After the wizard step by step settings, we shall adjust some advance value for fitting the

settings with DFL-1600



2007 May 13

L2TP over ISPEC

For roaming user Confirmation 1/2

1On the Windows platform, we shall try to connect the DFL-1600 server and checking the

connection status and to see if we can get the IP address from L2TP server by using the

command tool “ipconfig” and “ping”.



2007 May 14

L2TP over ISPEC

For roaming user Confirmation 2/2

Under the Status field, select User Authentication Status

Documents

How to Configure l2tp Over Ipsec