
Configuring L2TP Local Users (NSM Procedure)


The Layer 2 Tunneling Protocol (L2TP) enables a security device to authenticate users using the local database or an external auth server, and assign specific remote settings and IP pools.

L2TP enables the security device to authenticate users; to encrypt an L2TP VPN tunnel, you must apply an encryption scheme, such as IPsec, to the L2TP tunnel. When configuring an L2TP-over-IPsec VPN, you are actually setting up an L2TP tunnel and an IPsec tunnel with the same endpoints, and then linking the two tunnels together in a security policy rule. VPN Manager automatically generates the required rules; if you are creating the L2TP-over-IPsec VPN at the device level, you must configure the rules manually. For more information about L2TP VPNs, see Device Level L2TP VPN: Using L2TP Users Configuration Overview.

You can also use the device to assign specific IP, DNS server, and WINS server addresses from the local database or a RADIUS server. When you assign the L2TP user or user group a remote setting and IP pool at the device level, the settings override the remote settings and IP pool assigned to the VPN. You can even use different auth servers, one for each aspect of L2TP. For example, you might use a SecurID server to authenticate an L2TP user but make the address assignments from the local database.

Figure 1: Configure L2TP Local User
  1. In the NSM navigation tree, select Object Manager > User Objects > Local Users. In the display area, click the Add icon. Configure the following settings, and then click OK:

    • For Name, enter Adam.

    • For Color, select orange.

    • Select Enable, and then select L2TP.

    • Select Password, and then enter and confirm the password: AJbioJ15.

      For information about how to create user objects, see the Network and Security Manager Administration Guide.

  2. In the NSM navigation tree, select Object Manager > Remote Settings. In the display area, click the Add icon. Configure the following settings, and then click OK:

    • For Name, enter RM_L2TP.

    • For Color, select green.

    • Enter comments, if desired.

    • For Dns1, enter 1.1.1.2.

    • For Dns2, enter 1.1.1.3.

    • For Wins1, enter 0.0.0.0.

    • For Wins2, enter 0.0.0.0.

      For information about how to create remote settings objects, see the Network and Security Manager Administration Guide.

  3. In the NSM navigation tree, select Object Manager > IP Pools. In the display area, click the Add icon. The New IP Pool dialog box appears. Configure the following settings for the new IP pool:

    • For IP Pool Name, enter Global.

    • For Color, select magenta.

    • Enter comments, if desired.

  4. Click the Add icon. Configure the following settings and click OK:

    • For Start IP, enter 10.10.2.100.

    • For End IP, enter 10.10.2.180.

  5. Click OK to save the new IP pool object. For information about how to create IP pool objects, see “Configuring IP Pools” in the Network and Security Manager Administration Guide.

  6. Configure the L2TP local user:

    • In the NSM navigation tree, select Device Manager > Devices, and then double-click the device on which you want to configure the L2TP local user. The device configuration appears.

    • In the device navigation tree, select L2TP/XAuth/Local User, and then click the Add icon. The new L2TP/XAuth User Settings dialog box appears. Configure the following settings, and then click OK:

    • For User, select Adam.

    • For Remote Settings, select RM_L2TP.

    • For IP Pool, select Global.

  7. Click OK to save your changes to the device configuration.
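The following Python model is an added example, not NSM or ScreenOS code, that works through the two rules this page states: an IP pool is an inclusive range leased to L2TP users, and a user's device-level remote settings and IP pool override those assigned to the VPN. It uses the objects from the procedure (Adam, RM_L2TP with DNS 1.1.1.2/1.1.1.3, the Global pool 10.10.2.100 to 10.10.2.180); the VPN-level defaults (RM_VPN, VPN_Pool) and the users Beth and Carl are constructed for illustration, and local-database password authentication is not modelled.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Dict, Optional

UNSET = "0.0.0.0"  # the page uses 0.0.0.0 for WINS to mean "no server assigned"


@dataclass(frozen=True)
class RemoteSettings:
    """A Remote Settings object (DNS/WINS servers pushed to the L2TP client)."""
    name: str
    dns1: str = UNSET
    dns2: str = UNSET
    wins1: str = UNSET
    wins2: str = UNSET

    def servers(self) -> Dict[str, str]:
        """Only the servers actually configured; 0.0.0.0 entries are dropped."""
        fields = (("dns1", self.dns1), ("dns2", self.dns2),
                  ("wins1", self.wins1), ("wins2", self.wins2))
        return {k: v for k, v in fields if v != UNSET}


class IPPool:
    """An IP Pool object: an inclusive IPv4 range leased to L2TP users."""

    def __init__(self, name: str, start: str, end: str) -> None:
        self.name = name
        self.start, self.end = IPv4Address(start), IPv4Address(end)
        if self.start > self.end:
            raise ValueError(f"pool {name}: start {start} is after end {end}")
        self._next = self.start
        self.leases: Dict[str, IPv4Address] = {}

    def size(self) -> int:
        return int(self.end) - int(self.start) + 1

    def assign(self, user: str) -> IPv4Address:
        """Hand out the next free address, reusing a user's existing lease."""
        if user in self.leases:
            return self.leases[user]
        if self._next > self.end:
            raise RuntimeError(f"pool {self.name} exhausted ({self.size()} addresses)")
        addr, self._next = self._next, self._next + 1
        self.leases[user] = addr
        return addr


@dataclass
class L2TPUser:
    """A local user object plus its optional device-level L2TP assignments."""
    name: str
    l2tp_enabled: bool = True
    remote_settings: Optional[RemoteSettings] = None
    ip_pool: Optional[IPPool] = None


@dataclass
class L2TPVPN:
    """The VPN-level defaults that apply when a user has no override."""
    name: str
    remote_settings: RemoteSettings
    ip_pool: IPPool


def effective_config(user: L2TPUser, vpn: L2TPVPN) -> Dict[str, str]:
    """Resolve what a dial-in user receives: device-level assignments win
    over the VPN's, and a user not enabled for L2TP gets nothing."""
    if not user.l2tp_enabled:
        raise PermissionError(f"{user.name} is not enabled for L2TP")
    settings = user.remote_settings or vpn.remote_settings
    pool = user.ip_pool or vpn.ip_pool
    address = pool.assign(user.name)
    return {"user": user.name, "ip": str(address), "pool": pool.name,
            "remote_settings": settings.name, **settings.servers()}


# Objects with the values from the procedure on this page.
RM_L2TP = RemoteSettings("RM_L2TP", dns1="1.1.1.2", dns2="1.1.1.3")
GLOBAL_POOL = IPPool("Global", "10.10.2.100", "10.10.2.180")
ADAM = L2TPUser("Adam", remote_settings=RM_L2TP, ip_pool=GLOBAL_POOL)

# Constructed VPN-level defaults (not from the page) to show the override.
RM_VPN = RemoteSettings("RM_VPN", dns1="192.0.2.53", wins1="192.0.2.54")
VPN_POOL = IPPool("VPN_Pool", "10.10.3.1", "10.10.3.10")
VPN_DEFAULT = L2TPVPN("L2TP_VPN", RM_VPN, VPN_POOL)
BETH = L2TPUser("Beth")                       # constructed: no device-level override
CARL = L2TPUser("Carl", l2tp_enabled=False)   # constructed: L2TP not enabled

if __name__ == "__main__":
    for u in (ADAM, BETH):
        print(effective_config(u, VPN_DEFAULT))
```

Running the block shows Adam receiving 10.10.2.100 from Global with the RM_L2TP DNS servers and no WINS entries, while Beth, who has no device-level assignments, falls back to the VPN's pool and remote settings. The pool's start/end check and the exhaustion error are the two configuration faults worth catching before a pool object is pushed to a device.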