Example: Creating Device Level VPN Type 3 (NSM Procedure)

In this example, you create a RAS user group called Field Sales and configure an L2TP tunnel called Sales_Corp, using ethernet3 (untrust zone) as the outgoing interface for the L2TP tunnel. The security device applies the default L2TP tunnel settings to the RAS user group.

Note: An L2TP-only configuration is insecure, and we only recommend it for debugging.

The remote L2TP clients run Windows 2000 operating systems. For information on how to configure L2TP on the remote clients, refer to the Windows 2000 documentation. This example provides only the configuration for the security device end of the L2TP tunnel, as shown in Figure 2.

Figure 2: PB RAS VPN, L2TP Example Overview

  1. Configure the L2TP user objects. First, configure an L2TP user object for Adam, and then click OK:
    • For Name, enter Adam.
    • Select Enable, and then select L2TP.
    • Select Password, and then enter and confirm the password: AJbioJ15.
  2. Configure an L2TP user object for Betty, and then click OK:
    • For Name, enter Betty.
    • Select Enable, and then select L2TP.
    • Select Password, and then enter and confirm the password: BviPsoJ1.
  3. Configure an L2TP user object for Carol, and then click OK:
    • For Name, enter Carol.
    • Select Enable, and then select L2TP.
    • Select Password, and then enter and confirm the password: Cs10kdD3.
  4. Create a local user group called Field Sales that includes the Adam, Betty, and Carol local user objects.
  5. Configure the remote settings object. Configure the following settings, and then click OK:
    • For Name, enter RM_L2TP.
    • For Color, select green.
    • For Dns1, enter 1.1.1.2.
    • For Dns2, enter 1.1.1.3.
    • For Wins1, enter 0.0.0.0.
    • For Wins2, enter 0.0.0.0.

      For details on creating remote settings objects, see the Network and Security Manager Administration Guide.

  6. Configure the IP pool object. Configure the following settings, and then click OK:
    • For IP Pool Name, enter Global.
    • For Color, select magenta.
    • For Start IP, enter 10.10.2.100.
    • For End IP, enter 10.10.2.180.

      For details on creating IP pool objects, see “Configuring IP Pools” in the Network and Security Manager Administration Guide.

  7. Configure the L2TP tunnel:
    • In Device Manager, double-click the device icon for the device on which you want to configure the L2TP tunnel.
    • In the device navigation tree, select VPN Settings > L2TP. In the display area, click the Add icon. The null-L2TP tunnel dialog box appears.
  8. Configure the following settings, and then click OK:
    • For Name, enter Sales_Corp.
    • For Outgoing Interface, select ethernet3.
    • For Keep Alive, enter 60.
    • For Peer IP, enter 0.0.0.0 (because the peer’s ISP dynamically assigns it an IP address).
    • Select Use Custom Settings, and leave the default authentication server as Local.
    • For User/Group, select Dialup Group, and then select Field Sales.
  9. Click OK to save your changes to the device.
  10. Configure a rule in the zone rulebase of a security policy.
