VPN > IPsec > L2TP Remote Access

Microsoft VPN clients use L2TP (Layer 2 Tunneling Protocol) and L2TP over IPsec to establish VPN connections. On this window, you configure the Threat Management Services (TMS) zl Module to be an LNS (L2TP Network Server) that allows LACs (L2TP clients) access to the private network.

On this window, you configure L2TP policies and dial-in user policies.

L2TP Policy

Before you configure an L2TP policy, you MUST do the following:

Configuring an L2TP policy is step 6 in configuring an L2TP over IPsec client-to-site VPN. To see all of the steps to configure a client-to-site L2TP over IPsec VPN, including an explanation of the figure below, click here.


  • Add L2TP Policy — Click to add an L2TP policy.

  • Policy Name

  • Enable this policy — Select to enable the policy or clear to disable the policy.

  • IKE Policy

  • Proposal

  • SA lifetime in seconds

  • SA lifetime in kilobytes

If you specify the SA lifetime in both seconds and kilobytes, the SA is evaluated as soon as either limit is reached, whichever comes first.

  • Optional: Enable PFS (Perfect Forward Secrecy) for keys

  • Optional: Enable IP Compression

Dial-In User

You must configure one dial-in user policy for each L2TP VPN user. The Dial-In User name, Authentication Protocol User name, and User IP Address must be unique to each user.

Before you configure a dial-in user policy, you MUST do the following:

Configuring a dial-in user policy is step 7 in configuring an L2TP over IPsec remote access VPN. To see all of the steps to configure a remote-access L2TP over IPsec VPN, including an explanation of the figure below, click here.


  • Add Dial-in User — Click to add a dial-in user policy.

  • Dial-In User Name 

  • Server IP Address/Subnet Mask 

  • User IP Address 

  • Authentication 

  • Policy Group Name 

  • Authentication Protocol 

  • User 

  • Password 

  • Default Gateway 

  • Primary and Secondary DNS Servers 

  • Optional: Primary and Secondary WINS Servers