Using IPsec for Encryption
As stated previously, L2TPv3 does not provide encryption. For encryption across the public
Internet, IPsec should be used. The following example shows how this is achieved by specifying
the IPsec tunnel to be used as a property of the L2TPv3 client object.
Example 9.19. L2TPv3 Client Setup With IPsec
This example is the same as the previous example but uses an IPsec tunnel to the server for
encryption. It is assumed that the IPsec tunnel object has already been defined with the name
l2tpv3_ipsec_tunnel.
IPsec tunnel setup is not shown here but it will follow the exact same procedure for L2TP which is
shown in Example 9.14, “Setting up an L2TP Tunnel Over IPsec”.
Command-Line Interface
A. Define the L2TPv3Client object:
gw-world:/> add Interface L2TPv3Client my_l2tpv3_client
IP=inner_client_ip
LocalNetwork=If1_net
PseudowireType=Ethernet
Protocol=UDP
RemoteEndpoint=l2tpv3_server_ip
IPsecInterface=l2tpv3_ipsec_tunnel
B. Next, enable transparent mode on the protected interface If1:
gw-world:/> set Interface Ethernet If1 AutoSwitchRoute=Yes
Web Interface
A. First, define an L2TPv3 Client object:
1. Go to: Network > Interfaces and VPN > L2TPv3 Client > Add > L2TPv3 Client
2. Now enter:
• Name: my_l2tpv3_client
• Inner IP Address: inner_client_ip
• Local Network: If1_net
• Pseudowire Type: Ethernet
• Protocol: UDP
• Remote Endpoint: l2tpv3_server_ip
• IPsecInterface: l2tpv3_ipsec_tunnel
3. Click OK
B. Next, enable transparent mode on the protected interface If1:
Chapter 9: VPN
750
To Next Page
Loading...
