Global

On the L2TP over IPsec > Global tab you can configure basic options for setting up remote access via L2TP over IPsec.

Note – By default, the 96-bit Android-friendly version of L2TP authentication is enabled. If you want to follow the official RFC (e.g. to use L2TP with Nokia Smartphones), see the Sophos Knowledge Base.

To use L2TP over IPsec, proceed as follows:

  1. On the Global tab enable L2TP over IPsec.

    Click the toggle switch.

    The toggle switch turns amber and the Server Settings and IP Address Assignment area becomes editable.

  2. Make the following settings:

    Interface: Select the network interface to be used for L2TP VPN access.

    Note – If you use uplink balancing, only the primary interface that is up will be used for L2TP traffic.

    Authentication mode: You can choose between the following authentication modes:

    Assign IP addresses by: IP addresses can be either assigned from a predefined IP address pool or distributed automatically by means of a DHCP server:

  3. Click Apply.

    Your settings will be saved.

    The toggle switch turns green.

To cancel the configuration, click the amber-colored toggle switch.

Access Control

Authentication via: L2TP remote access only supports local and RADIUS authentication.

The authentication algorithm is negotiated automatically between client and server. For local users, Sophos UTM supports the authentication protocol MSCHAPv2.

For RADIUS users, Sophos UTM supports the following authentication protocols:

© 2019 Sophos Limited. Sophos UTM 9.600