Chapter 35 L2TP VPN
ZyWALL Series CLI Reference Guide
304
35.6 L2TP VPN Examples
This example uses the following settings in creating a basic L2TP VPN tunnel. See the Web Configurator
User’s Guide for how to configure L2TP in remote user computers using Windows XP and Windows 2000.
Figure 30 L2TP VPN Example
• The Zyxel Device has a static IP address of 172.23.37.205 for the ge3 interface.
• The remote user has a dynamic public IP address and connects through the Internet.
• You configure an IP address object named L2TP_ to assign the remote users IP addresses from
192.168.10.10 to 192.168.10.20 for use in the L2TP VPN tunnel.
• The VPN rule allows the remote user to access the LAN_SUBNET which covers the 192.168.1.1/24
subnet.
35.6.1 Configuring the Default L2TP VPN Gateway Example
The following commands configure the Default_L2TP_VPN_GW entry.
•Configure the My Address setting. This example uses interface ge3 with static IP address 172.23.37.205.
• Configure the Pre-Shared Key. This example uses “top-secret”.
35.6.2 Configuring the Default L2TP VPN Connection Example
The following commands configure the Default_L2TP_VPN_Connection entry.
Enforce and configure the local and remote policies.
•For the Local Policy, create an address object that uses host type and contains the My Address IP
address that you configured in the Default_L2TP_VPN_GW. The address object in this example uses IP
address 172.23.37.205 and is named L2TP_IFACE.
Router(config)# isakmp policy Default_L2TP_VPN_GW
Router(config-isakmp Default_L2TP_VPN_GW)# local-ip interface ge3
Router(config-isakmp Default_L2TP_VPN_GW)# authentication pre-share
Router(config-isakmp Default_L2TP_VPN_GW)# keystring top-secret
Router(config-isakmp Default_L2TP_VPN_GW)# activate
Router(config-isakmp Default_L2TP_VPN_GW)# exit
Router(config)#
To Next Page
Loading...
