Add an L2TP policy

You can configure remote access L2TP policies.

  1. Go to Remote access VPN > L2TP and click Add.
  2. Enter a name.
  3. Specify the general settings:

    Name          Description
    Profile       IPsec profile to use for the traffic.
    Gateway type  Disable: Connection remains inactive until a user activates it.
                  Respond only: Keeps the connection ready to respond to any incoming request.
  4. Specify the authentication settings:

    Name                 Description
    Authentication type  Authentication to use for the connection.
                         Preshared key: Authenticates endpoints using the secret known to both endpoints.
                         Digital certificate: Authenticates endpoints by exchanging certificates (locally-signed or issued by a certificate authority).
  5. Specify the local network details:

    Name            Description
    Local WAN port  Select a WAN port, which acts as the endpoint for the tunnel.
    Local ID        For preshared key, select an ID type and enter a value. DER ASN1DN (X.509) isn't accepted.
  6. Specify the remote network details:

    Name                 Description
    Remote host          IP address or hostname of the remote endpoint. To specify any IP address, enter a wildcard address (*).
    Allow NAT traversal  Enable NAT traversal if a NAT device exists between your endpoints, that is, when the remote peer has a private or non-routable IP address.
    Remote subnet        Remote networks to which you want to provide access.
    Remote ID            For preshared key, select an ID type and enter a value. DER ASN1DN (X.509) isn't accepted.
  7. Specify the QuickHA mode settings:

    Name         Description
    Local port   Port that the local peer uses for TCP or UDP traffic. To specify any port, enter a wildcard (*).
    Remote port  Port that the remote peer uses for TCP or UDP traffic. To specify any port, enter a wildcard (*).
  8. Specify the advanced settings:

    Name                            Description
    Disconnect when tunnel is idle  Disconnects idle clients from the session after the specified time.
    Idle session time interval      Time, in seconds, after which the firewall disconnects idle clients.
  9. Click Save.
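
A pre-change review check for the settings above, as an added example that is not part of the original page or the product's own tooling. It assumes the planned policy is written down as a Python dict; the key names (`auth_type`, `remote_host`, `idle_interval_s`, and so on) and the sample values are hypothetical, and the 1-65535 port range is an assumption about valid port numbers rather than something the page states.

```python
import ipaddress
import re

# One hostname label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def _valid_host(value):
    if value == "*":                      # wildcard: any IP address
        return True
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:                    # not an IP address: try hostname syntax
        return len(value) <= 253 and all(_LABEL.match(p) for p in value.split("."))

def _valid_port(value):
    return value == "*" or (str(value).isdigit() and 1 <= int(value) <= 65535)

def review_policy(p):
    """Return (errors, notes) for one planned L2TP policy (hypothetical dict schema)."""
    errors, notes = [], []
    if not p.get("name"):
        errors.append("name is required")
    if p.get("auth_type") == "Preshared key":
        for side in ("local_id_type", "remote_id_type"):
            if p.get(side) == "DER ASN1DN (X.509)":
                errors.append(f"{side}: DER ASN1DN (X.509) isn't accepted with a preshared key")
    if not _valid_host(p.get("remote_host", "")):
        errors.append("remote_host must be an IP address, a hostname, or *")
    elif p["remote_host"] == "*":
        notes.append("remote_host is * (any IP address)")
    for key in ("local_port", "remote_port"):
        if not _valid_port(p.get(key, "")):
            errors.append(f"{key} must be 1-65535 or *")
        elif p[key] == "*":
            notes.append(f"{key} is * (any port)")
    if p.get("disconnect_when_idle"):
        if not (isinstance(p.get("idle_interval_s"), int) and p["idle_interval_s"] > 0):
            errors.append("idle_interval_s must be a positive number of seconds")
    else:
        notes.append("disconnect when tunnel is idle is off")
    return errors, notes

# Constructed sample input, not taken from a real firewall.
SAMPLE = {"name": "l2tp-remote-users", "auth_type": "Preshared key",
          "local_id_type": "DNS", "remote_id_type": "DER ASN1DN (X.509)",
          "remote_host": "*", "local_port": "1701", "remote_port": "*",
          "disconnect_when_idle": True, "idle_interval_s": 0}
```

Entries in `errors` are values the page's rules rule out; entries in `notes` are wildcard or disabled settings to confirm with the policy owner before clicking Save.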