Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Device Level L2TP VPN: Using L2TP Configuration Overview


To connect to an L2TP VPN tunnel, the L2TP RAS user uses the IP address and WINS/DNS information assigned by the user’s ISP. However, when the L2TP RAS user sends VPN traffic through the tunnel, the security device assigns a new IP address and WINS/DNS information that enables the traffic to reach the destination network.

Enter a name for the L2TP VPN, and then specify the following information as described in Table 1.

Table 1: Device Level L2TP VPN: using L2TP Configuration

L2TP Options


Host Name

Enter the name of the L2TP host.

Outgoing Interface

Specify the outgoing interface, which is the interface on the security device that sends and receives VPN traffic. Typically, the outgoing interface is in the untrust zone.

Keep Alive

Specify the number of seconds a VPN member waits between sending hello packets to an L2TP RAS user.

Peer IP

Enter the IP address of the L2TP peer.


Enter the shared secret that authenticates communication in the L2TP tunnel.

Remote Settings

Select the preconfigured remote settings object that represents the DNS and WINS servers assigned to L2TP RAS users after they have connected to the tunnel.

IP Pool Name

Select the preconfigured IP pool object that represents the available IP addresses that can be assigned to L2TP RAS users after they have connected to the tunnel.

Auth Server

  • Use the default settings to use the default authentication server for the domain. To change or assign a domain authentication server, edit the domain settings; for details, see the Network and Security Manager Administration Guide.

  • Use custom settings to specify a preconfigured authentication server object to assign TCP/IP settings to the gateway and authenticate specific L2TP user or user groups.