Operation: Add L2TP Connection / Edit L2TP Connection
Description: Add or edit an L2TP connection.

Sample Configuration
<L2TPConnection>
  <Configuration>
    <Name>Name</Name>
    <Description>Text</Description>
    <Policy>DefaultRemoteAccess</Policy>
    <ActionOnVPNRestart>RespondOnly/Disable</ActionOnVPNRestart>
    <AuthenticationType>PresharedKey/DigitalCertificate</AuthenticationType>
    <!-- If type presharedkey -->
    <PresharedKey>key</PresharedKey>
    <!-- if type certificate -->
    <LocalCertificate>ApplianceCertificate</LocalCertificate>
    <LocalWANPort>PortB</LocalWANPort>
    <!-- For alias wan port -->
    <AliasLocalWANPort>PortB:0</AliasLocalWANPort>
    <LocalIDType>DNS/IP Address/Email/DER ASN1 DN (X.509)</LocalIDType>
    <LocalID>localid</LocalID>
    <RemoteHost>hostname or ipaddress</RemoteHost>
    <AllowNATTraversal>Enable/Disable</AllowNATTraversal>
    <RemoteLANNetwork>
      <Network>Host</Network>
      :
    </RemoteLANNetwork>
    <RemoteIDType>DNS/IP Address/Email/DER ASN1 DN (X.509)</RemoteIDType>
    <RemoteID>remoteid</RemoteID>
    <LocalPort>1701</LocalPort>
    <RemotePort>*</RemotePort>
    <DisconnectOnIdleInterval>600</DisconnectOnIdleInterval>
  </Configuration>
  <Connection><Name>connectionname</Name></Connection>
  <DisConnection><Name>connectionname</Name></DisConnection>
  <Active><Name>connectionname</Name></Active>
  <DeActive><Name>connectionname</Name></DeActive>
</L2TPConnection>



Parameter Mandatory Default Description
Name (Mandatory: Yes)
Specify a name for the L2TP connection.
Name must conform to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed first characters: (A-Za-z). For other characters: (A-Za-z0-9_)
  • Maximum characters allowed are 50.
Description (Mandatory: No)
Specify a description for the L2TP connection.
Description must conform to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Maximum characters allowed are 255.
Policy (Mandatory: Yes)
Select the policy to use for the L2TP connection from the available options: Default Policy, DefaultHeadOffice, DefaultRemoteAccess, AES128_MD5, DefaultBranchOffice or DefaultL2TP.
Policy must conform to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
ActionOnVPNRestart (Mandatory: Yes)
Select an action for the connection from the available options: Disable or Respond Only.
ActionOnVPNRestart must conform to:
  • Type is 'SCALAR'.
  • Only 'Disable', 'RespondOnly' are allowed.
AuthenticationType (Mandatory: Yes)
Select the authentication type from the available options: Preshared Key or Digital Certificate.
AuthenticationType must conform to:
  • Type is 'SCALAR'.
  • Only 'PresharedKey', 'DigitalCertificate' are allowed.
PresharedKey/LocalCertificate (Mandatory: Yes)
If the authentication type is Preshared Key, specify the preshared key value.
PresharedKey/LocalCertificate must conform to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed characters: (A-Za-z0-9_@\-\.)
  • Maximum characters allowed are 50.
  • UTF-8 character(s) are allowed.
LocalCertificate (Mandatory: Yes)
If the authentication type is Digital Certificate, select the certificate to be used.
LocalCertificate must conform to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
AliasLocalWANPort (Mandatory: Yes)
Select the local WAN port for the L2TP connection.
AliasLocalWANPort must conform to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
LocalIDType (Mandatory: No)
Select the Local ID type for Preshared Key.
LocalIDType must conform to:
  • Type is 'SCALAR'.
  • Only 'DNS', 'IP Address', 'Email', 'DER ASN1 DN (X.509)' are allowed.
LocalID (Mandatory: Yes)
Specify the Local ID value for the L2TP connection.
LocalID must conform to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
RemoteHost (Mandatory: Yes)
Specify the IP address of the remote host.
RemoteHost must conform to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed IPv4 address range: (0-255.0-255.0-255.0-255). To specify any IPv4 address, use an asterisk (*).
AllowNATTraversal (Mandatory: No, Default: Enable)
Enable NAT traversal if the remote host has a private IP address.
AllowNATTraversal must conform to:
  • Type is 'SCALAR'.
  • Only 'Enable', 'Disable' are allowed.
Network (Mandatory: Yes)
Select the remote LAN network.
Network must conform to:
  • Type is 'ARRAY'.
  • Datatype is 'STRING'.
  • Not allowed for first character: (# ,). Not allowed: Comma (,)
  • Maximum characters allowed are 60.
  • Multiple values are allowed.
RemoteIDType (Mandatory: No)
Select the Remote ID type for Preshared Key.
RemoteIDType must conform to:
  • Type is 'SCALAR'.
  • Only 'DNS', 'IP Address', 'Email', 'DER ASN1 DN (X.509)' are allowed.
RemoteID (Mandatory: Yes)
Specify the Remote ID value.
RemoteID must conform to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
LocalPort (Mandatory: Yes)
Specify the local port number.
LocalPort must conform to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed port range: (1 to 65535). To specify any port, use an asterisk (*).
  • Maximum characters allowed are 5.
RemotePort (Mandatory: Yes)
Specify the remote port number.
RemotePort must conform to:
  • Type is 'SCALAR'.
  • Datatype is 'STRING'.
  • Allowed port range: (1 to 65535). To specify any port, use an asterisk (*).
  • Maximum characters allowed are 5.
DisconnectOnIdleInterval (Mandatory: No)
Disconnect on idle interval.
DisconnectOnIdleInterval must conform to:
  • Type is 'SCALAR'.
  • Datatype is 'INTEGER'.
  • Range 120 to 999 is allowed.
  • Maximum digits allowed are 3.
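
Added example (not part of the vendor documentation): a pre-submission check that applies the constraints from the parameter table above to a dictionary of values, then builds the <L2TPConnection> document with an XML library so that every value is escaped. The names validate, build_xml and SAMPLE, and all sample values, are illustrative. AliasLocalWANPort is left out of the mandatory check on the assumption, taken from the sample configuration, that it is an alternative to LocalWANPort.

```python
import re
import xml.etree.ElementTree as ET

ID_TYPES = {"DNS", "IP Address", "Email", "DER ASN1 DN (X.509)"}
ENUMS = {"ActionOnVPNRestart": {"Disable", "RespondOnly"},
         "AuthenticationType": {"PresharedKey", "DigitalCertificate"},
         "AllowNATTraversal": {"Enable", "Disable"},
         "LocalIDType": ID_TYPES, "RemoteIDType": ID_TYPES}
REQUIRED = ("Name", "Policy", "ActionOnVPNRestart", "AuthenticationType", "LocalID",
            "RemoteHost", "RemoteLANNetwork", "RemoteID", "LocalPort", "RemotePort")
# Credential element that must accompany each AuthenticationType value.
CREDENTIAL = {"PresharedKey": "PresharedKey", "DigitalCertificate": "LocalCertificate"}
SAMPLE = {"Name": "branch_l2tp", "Policy": "DefaultL2TP",  # constructed placeholder input
          "ActionOnVPNRestart": "RespondOnly", "AuthenticationType": "PresharedKey",
          "PresharedKey": "example-key_1", "LocalID": "fw.example.test",
          "RemoteHost": "192.0.2.10", "RemoteLANNetwork": ["Host"], "RemoteID": "peer.example.test",
          "LocalPort": "1701", "RemotePort": "*", "DisconnectOnIdleInterval": "600"}

def _int_in(value, lo, hi, digits):
    return bool(re.fullmatch(rf"[0-9]{{1,{digits}}}", value)) and lo <= int(value) <= hi

def validate(cfg):
    """Return the documented constraints that a dict of parameters violates."""
    errs = [f"{k}: mandatory" for k in REQUIRED if not cfg.get(k)]
    errs += [f"{k}: not an allowed value" for k, ok in ENUMS.items()
             if k in cfg and cfg[k] not in ok]
    if "Name" in cfg and not re.fullmatch(r"[A-Za-z][A-Za-z0-9_]{0,49}", cfg["Name"]):
        errs.append("Name: bad first character, character set or length")
    cred = CREDENTIAL.get(cfg.get("AuthenticationType"))
    if cred and not cfg.get(cred):
        errs.append(f"{cred}: required for this AuthenticationType")
    for k, lo, hi, n in (("LocalPort", 1, 65535, 5), ("RemotePort", 1, 65535, 5),
                         ("DisconnectOnIdleInterval", 120, 999, 3)):
        any_port = k.endswith("Port") and cfg.get(k) == "*"  # "*" means any port
        if k in cfg and not any_port and not _int_in(cfg[k], lo, hi, n):
            errs.append(f"{k}: outside {lo}-{hi}")
    return errs

def build_xml(cfg):
    """Validate, then serialise with ElementTree so every value is XML-escaped."""
    if errs := validate(cfg):
        raise ValueError("; ".join(errs))
    root = ET.Element("L2TPConnection")
    conf = ET.SubElement(root, "Configuration")
    for key, value in cfg.items():
        node = ET.SubElement(conf, key)
        node.text = value if isinstance(value, str) else None
        for net in ([] if isinstance(value, str) else value):  # RemoteLANNetwork list
            ET.SubElement(node, "Network").text = net
    return ET.tostring(root, encoding="unicode")
```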



Operation   Status   Message
Add L2TP Connection    200
Add L2TP Connection    201
Add L2TP Connection    500
Add L2TP Connection    502
Add L2TP Connection    505
Add L2TP Connection    541
Edit L2TP Connection   200
Edit L2TP Connection   201
Edit L2TP Connection   500
Edit L2TP Connection   502
Edit L2TP Connection   503
Edit L2TP Connection   505
Edit L2TP Connection   541


© Copyright 2019 Sophos Firewall Limited. All rights reserved.