L2TP global settings

You can specify the global settings for L2TP remote access connections.

These settings apply to all L2TP policies. You can specify the IP addresses to assign to L2TP users and the DNS servers to use for these connections.

L2TP settings

  1. Click Enable L2TP to turn on L2TP configuration.
  2. For Assign IP from, enter a private IP address range that belongs to a /24 or smaller subnet. The range can't contain more than 254 IP addresses. Sophos Firewall will lease IP addresses to L2TP clients from this range.

    IP address ranges for L2TP and PPTP must not overlap with the SSL VPN range.

  3. Optional: Select Allow leasing IP address from RADIUS server for L2TP, PPTP, and Sophos Connect client.

    The firewall then uses the IP addresses provided by the RADIUS server if you use one. If the RADIUS server doesn't provide an address, the firewall assigns the static address configured for the user or leases an address from the specified range.

  4. Optional: Select the Primary DNS server and the Secondary DNS server that L2TP users can use to resolve internal hostnames.

  5. Optional: Enter the Primary WINS server and Secondary WINS server.
  6. Click Apply.
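
The range rules in step 2 can be checked before you enter the values. The following is an added example, not Sophos code: the function names are hypothetical, "private" is assumed to mean the RFC 1918 blocks, and the SSL VPN range is assumed to be given as a start and end address.

```python
import ipaddress

# RFC 1918 blocks; treating "private" as RFC 1918 is an assumption of this example.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _bounds(start, end):
    """Parse a start/end pair and reject a reversed range."""
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError(f"range end {end} is below range start {start}")
    return first, last


def check_l2tp_range(start, end, ssl_vpn_range):
    """Return the rule violations for a planned L2TP lease range.

    ssl_vpn_range is a (start, end) tuple for the SSL VPN lease range.
    An empty list means the range passes every rule checked here.
    """
    first, last = _bounds(start, end)
    problems = []

    # Rule: the range must be private address space.
    if not any(first in net and last in net for net in RFC1918):
        problems.append("not inside a single RFC 1918 private block")

    # Rule: the range must belong to a /24 or smaller subnet.
    if int(first) >> 8 != int(last) >> 8:
        problems.append("spans more than one /24")

    # Rule: the range can't contain more than 254 addresses.
    count = int(last) - int(first) + 1
    if count > 254:
        problems.append(f"contains {count} addresses (limit 254)")

    # Rule: the range must not overlap with the SSL VPN range.
    vpn_first, vpn_last = _bounds(*ssl_vpn_range)
    if first <= vpn_last and vpn_first <= last:
        problems.append("overlaps the SSL VPN range")

    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    ssl_vpn = ("10.81.234.5", "10.81.234.55")
    print(check_l2tp_range("10.20.30.10", "10.20.30.200", ssl_vpn))
    print(check_l2tp_range("10.81.234.50", "10.81.235.20", ssl_vpn))
```

The same function can be run against a planned PPTP range, since that range is subject to the same SSL VPN overlap rule.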

Allow users to establish L2TP connections

  • Click Add members and select the users and groups.
  • To see the users allowed to establish L2TP connections, click Show members.