PPTP and L2TP VPN Configuring L2TP
FortiGate-4000 Installation and Configuration Guide 267
2 Select the policy list that you want to add the policy to (usually, External->Internal).
3 Select New to add a policy.
4 Set Source to the group that matches the L2TP address range.
5 Set Destination to the address to which L2TP users can connect.
6 Set Service to match the traffic type inside the L2TP VPN tunnel.
For example, if L2TP users can access a web server, select HTTP.
7 Set Action to ACCEPT.
8 Select NAT if address translation is required.
You can also configure traffic shaping, logging, and antivirus and web filter settings for
L2TP policies.
9 Select OK to save the firewall policy.
Configuring a Windows 2000 client for L2TP
Use the following procedure to configure a client computer running Windows 2000 so
that it can connect to a FortiGate L2TP VPN.
To configure an L2TP dialup connection
1 Go to Start > Settings > Network and Dial-up Connections.
2 Double-click Make New Connection to start the Network Connection Wizard and
select Next.
3 For Network Connection Type, select Connect to a private network through the
Internet and select Next.
4 For Destination Address, enter the address of the FortiGate unit to connect to and
select Next.
5 Set Connection Availability to Only for myself and select Next.
6 Select Finish.
7 In the Connect window, select Properties.
8 Select the Security tab.
9 Make sure that Require data encryption is selected.
10 Select the Networking tab.
11 Set VPN server type to Layer-2 Tunneling Protocol (L2TP).
12 Save the changes and continue with the following procedure.
To disable IPSec
1 Select the Networking tab.
2 Select Internet Protocol (TCP/IP) properties.
3 Double-click the Advanced tab.
Note: If a RADIUS server is used for authentication, do not select Require data encryption.
L2TP encryption is not supported for RADIUS server authentication.