SonicOS 7.1 IPSec VPN

Configuring Microsoft Windows L2TP VPN Client Access

This section provides an example of configuring L2TP client access to the WAN GroupVPN SA using the built-in L2TP Server and Microsoft's L2TP VPN Client.

SonicOS supports only X.509 certificates for L2TP clients; PKCS #7 encoded X.509 certificates are not supported in SonicOS for L2TP connections.

To enable Microsoft L2TP VPN Client access to the WAN GroupVPN SA:

  1. Navigate to the NETWORK | VPN > Rules and Settings page.
  2. For the WAN GroupVPN policy, click the Edit icon in the Configure column.
  3. On the General screen, select IKE using Preshared Secret for the Authentication Method.
  4. Enter a shared secret passphrase in the Shared Secret field to complete the client policy configuration.
  5. Click Save.
  6. Navigate to the NETWORK | IPSec VPN > L2TP Server page.
  7. In the L2TP Server section, select Enable L2TP Server.
  8. Click Configure.
  9. Provide the following L2TP Server Settings:

    • Keep alive time (secs): 60
    • DNS Server 1: 199.2.252.10 (or use your ISP’s DNS)
    • DNS Server 2: 4.2.2.2 (or use your ISP’s DNS)
    • DNS Server 3: 0.0.0.0 (or use your ISP’s DNS)
    • WINS Server 1: 0.0.0.0 (or use your WINS IP)
    • WINS Server 2: 0.0.0.0 (or use your WINS IP)
  10. Click L2TP Users Settings.
  11. Set the following options:

    • Select IP address provided by RADIUS/LDAP Server if a RADIUS/LDAP server provides IP addressing information to the L2TP clients. If the L2TP Server provides IP addresses, select Use the Local L2TP IP pool.

    • Use the Local L2TP IP pool: Enabled (selected; the default)
    • Start IP: 10.20.0.1 (use your own IP)
    • End IP: 10.20.0.20 (use your own IP)
  12. Select Trusted Users from the User group for L2TP users drop-down menu.
  13. Click Save.
  14. Navigate to the DEVICE | Users > Local Users & Groups page.
  15. Click Local Users.
  16. Click +Add User to display the User Settings dialog.

  17. Specify a user name and password in the Name, Password, and Confirm Password fields.

  18. Click Save.

    By editing the VPN > LAN access rule or another VPN access rule (under POLICY | Rules and Policies > Access Rules), you can restrict network access for L2TP clients. To locate a rule to edit, select the All Types view on the Access Rules table and look at the Source column for L2TP IP Pool.

    On your Microsoft Windows computer, complete the following L2TP VPN Client configuration to enable secure access:

    1. Navigate to Start > Control Panel > Network and Sharing Center.

    2. Open the New Connection Wizard.

    3. Choose Connect to a workplace.

    4. Click Next.

    5. Choose Virtual Private Network Connection. Click Next.

    6. Enter a name for your VPN connection. Click Next.

    7. Enter the Public (WAN) IP address of the firewall. Alternatively, you can use a domain name that points to the firewall.

    8. Click Next, and then click Finish.

    9. In the Connection window, click Properties.

    10. Click Security.

    11. Click IPSec Settings.

    12. Enable Use preshared key for authentication.

    13. Enter your preshared secret key and click OK.

    14. Click Networking.

    15. Change Type of VPN from Automatic to L2TP IPSec VPN.

    16. Click OK.

    17. Enter your XAUTH username and password.

    18. Click Connect.

  19. Verify your Microsoft Windows L2TP VPN device is connected by navigating to the NETWORK | IPSec VPN > Rules and Settings page. The VPN client is displayed in the Currently Active VPN Tunnels section.
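
The Windows client steps above can also be scripted with the built-in VpnClient cmdlets. The following is an added example, not part of the SonicWall documentation; the connection name and server address are placeholders, and the user name and password are still entered when connecting.

```powershell
# Added example: scripted equivalent of the Windows L2TP client steps.
# Assumptions (not from the page): the connection name and the placeholder server address.
$Name   = 'SonicWall-L2TP'      # hypothetical connection name
$Server = 'vpn.example.com'     # placeholder: firewall WAN IP or a domain name pointing to it

# Prompt for the shared secret so it is not stored in the script or shell history.
$secure = Read-Host -Prompt 'WAN GroupVPN shared secret' -AsSecureString
$psk    = [System.Net.NetworkCredential]::new('', $secure).Password

# Remove any existing profile with this name so stale settings cannot linger.
if (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue) {
    Remove-VpnConnection -Name $Name -Force
}

# Type of VPN = L2TP/IPsec, authenticated with the preshared key
# (the IPSec Settings and Networking steps of the GUI procedure).
Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType L2tp `
    -L2tpPsk $psk -Force
Remove-Variable psk

# Read the profile back and stop if it is not pinned to L2TP with a preshared key.
# A profile left on Automatic may try other tunnel types before L2TP.
$vpn = Get-VpnConnection -Name $Name
if ($vpn.TunnelType -ne 'L2tp' -or $vpn.L2tpIPsecAuth -ne 'Psk') {
    throw "Profile '$Name' is $($vpn.TunnelType)/$($vpn.L2tpIPsecAuth), expected L2tp/Psk"
}
$vpn | Format-List Name, ServerAddress, TunnelType, L2tpIPsecAuth, AuthenticationMethod, EncryptionLevel
```

The final listing shows the authentication method and encryption level Windows chose by default, which the page does not specify; compare them with what the firewall's L2TP Server accepts before connecting.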
