Chapter 35 L2TP VPN
ZyWALL Series CLI Reference Guide
302
35.5.1 L2TP VPN Commands
This table lists the commands for L2TP VPN. You must use the configure terminal command to
enter the configuration mode before you can use these commands.
Table 160 L2TP VPN Commands
COMMAND DESCRIPTION
l2tp-over-ipsec recover
default-ipsec-policy
If the default L2TP IPSec policy has been deleted, use this command to
recreate it (with the default settings).
[no] l2tp-over-ipsec
activate;
Turns L2TP VPN on. The no command turns it off.
l2tp-over-ipsec crypto
map_name
Specifies the IPSec VPN connection the Zyxel Device uses for L2TP VPN. It
must meet the requirements listed in Section 35.2 on page 299.
Note: Modifying this VPN connection (or the VPN gateway that it
uses) disconnects any existing L2TP VPN sessions.
l2tp-over-ipsec address-
object
Specifies the address object that defines the of IP addresses that the
Zyxel Device uses to assign to the L2TP VPN clients.
l2tp-over-ipsec
authentication
authentication profile_name
Specifies how the Zyxel Device authenticates a remote user before
allowing access to the L2TP VPN tunnel.
The authentication method has the Zyxel Device check a user’s user
name and password against the Zyxel Device’s local database, a
remote LDAP, RADIUS, a Active Directory server, or more than one of
these.
certificate cert_name
Select the certificate to use to identify the Zyxel Device for L2TP VPN
connections. The certificate is used with the EAP, PEAP, and MSCHAPv2
authentication protocols. The certificate must already be configured.
[no] l2tp-over-ipsec user
user_name
Specifies the user or user group that can use the L2TP VPN tunnel. If you
do not configure this, any user with a valid account and password on the
Zyxel Device to log in. The no command removes the user name setting.
[no] l2tp-over-ipsec
keepalive-timer <1..180>
The Zyxel Device sends a Hello message after waiting this long without
receiving any traffic from the remote user. The Zyxel Device disconnects
the VPN tunnel if the remote user does not respond. The no command
returns the default setting.
[no] l2tp-over-ipsec first-
dns-server {ip |
interface_name} {1st-
dns|2nd-dns|3rd-dns}|
{ppp_interface}{1st-dns|2nd-
dns}}
Specifies the first DNS server IP address to assign to the remote users. You
can specify a static IP address, or a DNS server that an interface
received from its DHCP server. The no command removes the setting.
[no] l2tp-over-ipsec second-
dns-server {ip |
interface_name} {1st-
dns|2nd-dns|3rd-dns}|
{ppp_interface}{1st-dns|2nd-
dns}}
Specifies the second DNS server IP address to assign to the remote users.
You can specify a static IP address, or a DNS server that an interface
received from its DHCP server. The no command removes the setting.
[no] l2tp-over-ipsec first-
wins-server ip
Specifies the first WINS server IP address to assign to the remote users. The
no command removes the setting.
[no] l2tp-over-ipsec second-
wins-server ip
Specifies the second WINS server IP address to assign to the remote users.
The no command removes the setting.
no l2tp-over-ipsec session
tunnel-id <0..65535>
Deletes the specified L2TP VPN tunnel.
To Next Page
Loading...
