Add L2TP Connection
This page describes how to create an L2TP Connection.
1. Go to Device Configuration > Configure > VPN > L2TP Connections and click Add.
2. Enter the parameter values as below.
General Settings
Name
Specify a unique name to identify L2TP Connection.
Description
Provide description for L2TP Connection.
Policy
Select policy to be used for connection.
A policy can also be added by clicking the Create New link.
Action on VPN Restart
Select the action to be taken on the connection when VPN services or the Device restart.
Available Options:
* Respond Only – Keeps the connection ready to respond to any incoming request.
* Disable – Keeps the connection disabled until the user activates it.
Authentication Details
Authentication Type
Select Authentication Type. Authentication of user depends on the type of connection.
Available Options:
* Preshared Key
Preshared Key authentication is a mechanism whereby a single key is used for encryption and decryption. Both peers must possess the Preshared Key. The remote peer uses the Preshared Key for decryption. When this option is selected, provide the following details:
Preshared Key – Specify the Preshared Key to be used. The Preshared Key must be at least 5 characters long.
Confirm Preshared Key – Enter the same Preshared Key again to confirm it.
This Preshared Key must be shared with or communicated to the peer at the remote end. At the remote end, the client must specify this key for authentication.
If the key does not match, the user will not be able to establish the connection.
* Digital Certificate
Digital Certificate authentication is a mechanism whereby the sender and receiver both use a Digital Certificate issued by the Certificate Authority. Both sender and receiver must have each other’s Certificate Authority.
Local Certificate – Select the local certificate that should be used for authentication by the Device.
Remote Certificate – Select the remote certificate that should be used for authentication by remote peer.
Local Network Detail
Local WAN Port
Specify the Local Port number that the local VPN peer uses to transport traffic related to TCP or UDP protocol.
Acceptable Range - 1 to 65535
To specify any local port, enter *.
Local ID
For Preshared Key and RSA Key, select any type of ID from the available options and specify its value.
Available Options:
* DNS
* IP Address
* Email Address
* DER ASN1 DN (X.509)
(DER ASN1 DN (X.509) is not applicable. For a Local Certificate, the ID and its value are displayed automatically as specified in the Local Certificate.)
Remote Network Details
Remote Host
Specify the IP Address or host name of the remote end-point. Specify * for any IP Address.
Allow NAT Traversal
Enable NAT traversal if a NAT device is located between your VPN endpoints, i.e. when the remote peer has a private/non-routable IP Address.
Only one connection at a time can be established behind one NAT box.
Default - Enabled
Remote LAN Network
Select the IP Addresses and netmask of the remote network that is allowed to connect to the Device server through the VPN tunnel. Multiple subnets can be specified. Select IP Hosts from the list of IP Hosts available on the Admin Console.
You can also add a new IP Host by clicking the Create New link.
Remote ID
For Preshared Key and RSA Key, select any type of ID from the available options and specify its value.
Available Options:
* DNS
* IP Address
* Email Address
* DER ASN1 DN (X.509)
(DER ASN1 DN (X.509) is not applicable.)
Quick Mode Selectors
Local Port
Specify Local Port number that the local VPN peer uses to transport the traffic related to TCP or UDP protocol.
Default: 1701
Local port Range: 1 – 65535
To specify any local port, enter *.
Remote Port
Specify Remote Port number that the remote VPN peer uses to transport the traffic related to TCP or UDP protocol.
Default: *
Remote port Range: 1 – 65535
To specify any remote port, enter *.
Advanced Settings
Disconnect when tunnel is idle
Click this option to allow the Device to delete an idle VPN session if it exceeds the specified Idle session time interval.
Default - Disable
Idle session time interval (Only if Disconnect when tunnel is idle option is “Enabled”)
Specify the time limit after which an Idle VPN Session will be deleted by Device.
Acceptable Range - 120 to 999 seconds.
3. Click Save to create the new connection.
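
A check that can be run over a planned connection before the values are entered in step 2, as an added example that is not part of the original page or of the product. The dictionary field names and the 20-character review threshold are assumptions; the 5-character minimum, the port range and the 120 to 999 second interval are the limits stated above.

```python
# Added example: field names are hypothetical; limits are the ones on this page.
WEAK_PSK_LEN = 20  # assumption: review threshold, not a device limit

def port_ok(value):
    """A port selector is '*' (any) or an integer from 1 to 65535."""
    return value == "*" or (str(value).isdecimal() and 1 <= int(value) <= 65535)

def check_connection(conn):
    """Return (errors, warnings) for one connection definition (a dict)."""
    errors, warnings = [], []
    if not conn.get("name"):
        errors.append("Name is required")
    auth = conn.get("auth_type")
    if auth == "preshared_key":
        psk = conn.get("preshared_key", "")
        if len(psk) < 5:
            errors.append("Preshared Key is shorter than 5 characters")
        elif len(psk) < WEAK_PSK_LEN:
            warnings.append("Preshared Key meets the minimum but is short")
        if conn.get("remote_host") == "*":
            warnings.append("Remote Host * with a Preshared Key: "
                            "every remote peer shares one key")
    elif auth == "digital_certificate":
        for field in ("local_certificate", "remote_certificate"):
            if not conn.get(field):
                errors.append(field + " is not selected")
    else:
        errors.append("Unknown Authentication Type: %r" % auth)
    for field in ("local_wan_port", "local_port", "remote_port"):
        if not port_ok(conn.get(field, "*")):
            errors.append(field + " must be * or 1 to 65535")
    if conn.get("disconnect_when_idle"):
        idle = conn.get("idle_interval")
        if not isinstance(idle, int) or not 120 <= idle <= 999:
            errors.append("Idle session time interval must be 120 to 999 seconds")
    else:
        warnings.append("Idle tunnels are never disconnected")
    return errors, warnings

# Constructed sample input, not taken from a real device.
SAMPLE = {"name": "branch-l2tp", "auth_type": "preshared_key",
          "preshared_key": "abc12", "remote_host": "*",
          "local_wan_port": "*", "local_port": 1701, "remote_port": "*",
          "disconnect_when_idle": True, "idle_interval": 60}

if __name__ == "__main__":
    for level, items in zip(("ERROR", "WARN"), check_connection(SAMPLE)):
        print(level, items)
```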