D-Link DFL-500 Network Card User Manual


 
L2TP VPN configuration
L2TP clients must be able to authenticate with the DFL-500 NPG to start an L2TP session. To support L2TP
authentication, you must add a user group to the DFL-500 NPG configuration. This user group can contain
users added to the DFL-500 NPG user database, RADIUS servers, or both.
After you have added a user group, configure your DFL-500 NPG to support L2TP by enabling L2TP and
specifying an L2TP address range. The L2TP address range is the range of addresses that must be reserved
for remote L2TP clients. When a remote L2TP client connects to the internal network using L2TP, the client
computer is assigned an IP address from this range. The L2TP address range can be on any subnet.
L2TP VPN between a Windows client and the DFL-500 NPG
Make sure that your ISP supports L2TP connections.
Add firewall policies with an external source address to control the access that L2TP clients have through the
DFL-500 NPG.
Add the addresses in the L2TP address range to the external interface address list. To make policy
configuration easier, you can create an address group for L2TP that contains the IP addresses that can be
assigned to L2TP clients from the L2TP address range.
Add addresses to the internal interface address list to control the addresses to which L2TP clients can
connect.
You create Ext -> Int policies to control the access that L2TP users have through the DFL-500 NPG.
Set the service for the policy to the traffic type inside the L2TP VPN tunnel. For example, if you want L2TP
clients to be able to access a web server, set service to HTTP.
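The following is an added sketch, not taken from the D-Link manual and not the device's own logic, that models the Ext -> Int policy matching described above: the L2TP address range becomes an address group used as the external source, and only the named service to the named internal address is permitted. The addresses, the CIDR form of the address entries, the deny-when-no-policy-matches behaviour, and all function and variable names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample values (not from the manual).
L2TP_RANGE = ("192.168.50.10", "192.168.50.20")
WEB_SERVER = ipaddress.ip_network("10.0.0.80/32")
SERVICES = {"HTTP": ("tcp", 80), "SSH": ("tcp", 22)}

def range_to_networks(first, last):
    """Collapse an inclusive address range into the fewest CIDR blocks,
    one per entry in a hypothetical 'L2TP' address group."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

@dataclass(frozen=True)
class Policy:
    sources: tuple       # networks on the external address list
    destination: object  # network on the internal address list
    service: str         # key into SERVICES

def allowed(policies, src, dst, proto, port):
    """Return True if any Ext -> Int policy matches; otherwise deny
    (deny-by-default is an assumption of this model)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if (any(src in n for n in p.sources) and dst in p.destination
                and SERVICES[p.service] == (proto, port)):
            return True
    return False

L2TP_GROUP = tuple(range_to_networks(*L2TP_RANGE))
POLICIES = [Policy(L2TP_GROUP, WEB_SERVER, "HTTP")]

if __name__ == "__main__":
    print("L2TP group:", [str(n) for n in L2TP_GROUP])
    for flow in [("192.168.50.12", "10.0.0.80", "tcp", 80),   # L2TP client, HTTP
                 ("192.168.50.12", "10.0.0.80", "tcp", 22),   # service not in policy
                 ("192.168.50.12", "10.0.0.5", "tcp", 80),    # host not in policy
                 ("192.168.50.21", "10.0.0.80", "tcp", 80)]:  # outside L2TP range
        print(flow, "->", "allow" if allowed(POLICIES, *flow) else "deny")
```

Keeping the destination and service as narrow as the clients need means an authenticated L2TP user reaches only what the policy names, rather than the whole internal network.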
Configuring the DFL-500 NPG as an L2TP gateway
Create a user group for your L2TP users.
See Users and authentication.
Go to VPN > L2TP > L2TP Range.