VPN
Configuring L2TP Server
Cisco ISA500 Series Integrated Security Appliances Administration Guide 386
• IPsec: Click On to enable data encryption over the IPsec VPN tunnel, or click Off to disable it.
• Pre-shared Key: Data encryption over the VPN tunnel uses a pre-shared key for authentication. If you enable IPsec, enter the desired value, which the L2TP client must provide to establish a connection. The pre-shared key must be entered exactly the same here and on the L2TP clients.
STEP 4 Click Save to apply your settings.
STEP 5 By default, the firewall denies access from the VPN zone to the LAN and voice zones. If you want to allow L2TP clients to access your default VLAN, you must go to the Firewall > Access Control > ACL Rules page and manually create a firewall rule as follows:
Field                 Setting
From Zone             VPN
To Zone               LAN
Service               Any
Source Address        l2tp_clients
                      NOTE: Choose Create a new address from the
                      drop-down list to create an address object
                      “l2tp_clients” with the IP address range of the
                      L2TP server’s address pool.
Destination Address   DEFAULT_NETWORK
Schedule              Always on
Match Action          Permit