Chapter 31 L2TP VPN
ZyWALL USG 100/200 Series User’s Guide
560
• Use transport mode.
• Not be a manual key VPN connection.
•Use Pre-Shared Key authentication.
• Use a VPN gateway with the Secure Gateway set to 0.0.0.0 if you need to
allow L2TP VPN clients to connect from more than one IP address.
Using the Default L2TP VPN Connection
Default_L2TP_VPN_Connection is pre-configured to be convenient to use for
L2TP VPN. If you use it, edit the following.
Configure the local and remote policies as follows.
•For the Local Policy, create an address object that uses host type and contains
the My Address IP address that you configured in the
Default_L2TP_VPN_GW. Use this address object in the local policy.
•For the Remote Policy, create an address object that uses host type and an IP
address of 0.0.0.0. Use this address object in the remote policy.
You must also edit the Default_L2TP_VPN_GW gateway entry.
• Configure the My Address setting according to your requirements.
• Replace the default Pre-Shared Key.
Policy Route
You must configure a policy route to let remote users access resources on a
network behind the ZyWALL.
• Set the policy route’s Source Address to the address object that you want to
allow the remote users to access (LAN_SUBNET in the following figure).
•Set the Destination Address to the IP address pool that the ZyWALL assigns
to the remote users (L2TP_POOL in the following figure).
• Set the next hop to be the VPN tunnel that you are using for L2TP.
Figure 407 Policy Route for L2TP VPN
LAN_SUBNET
L2TP_POO
To Next Page
Loading...
