Chapter 35 L2TP VPN
ZyWALL Series CLI Reference Guide
300
• Use a VPN gateway with the Secure Gateway set to 0.0.0.0 if you need to allow L2TP VPN clients to
connect from more than one IP address.
35.2.1 Using the Default L2TP VPN Connection
Default_L2TP_VPN_Connection is pre-configured to be convenient to use for L2TP VPN. If you use it, edit
the following.
Configure the local and remote policies as follows.
•For the Local Policy, create an address object that uses host type and contains the My Address IP
address that you configured in the Default_L2TP_VPN_GW. Use this address object in the local policy.
•For the Remote Policy, create an address object that uses host type and an IP address of 0.0.0.0. Use
this address object in the remote policy.
You must also edit the Default_L2TP_VPN_GW gateway entry.
• Configure the My Address setting according to your requirements.
•Replace the default Pre-Shared Key.
35.3 LAN Policy Route
You must configure a policy route to let VPN users access resources on a network behind the Zyxel
Device.
• Set the policy route’s Source Address to the address object that you want to allow the remote users to
access (LAN_SUBNET in the following figure).
• Set the Destination Address to the IP address that the Zyxel Device assigns to the remote users (L2TP_
in the following figure).
Figure 29 Policy Route for L2TP VPN
35.4 WAN Policy Route
You must configure a policy route with SNAT to let VPN users send traffic out through the WAN interface,
for example to the Internet.
To Next Page
Loading...
