L2Tpv3 Server Setup With Ipsec - D-Link NetDefendOS User Manual

• UDP
Using UDP as the lower level transport protocol is the default setting for this property and is
recommended. It ensures that communication is able to traverse most network equipment
and particularly if NAT is being employed in the path through network.
• IP
Using IP as the transport protocol allows packet processing to be optimized and therefore
provides a means to transport data using less processing resources. However, some network
equipment may not allow traversal and problems can occur where NAT is employed in the
path through the network. Such problems can be solved by using UDP instead.
Using IPsec for Encryption
As with standard L2TP (L2TPv2), L2TPv3 does not provide encryption. To make communication
secure, L2TPv3 should be therefore set up in conjunction with an IPsec Tunnel object and the
listening interface then becomes the tunnel.
The setup of the IPsec tunnel follows the same procedure as for standard L2TP and this is
described in Section 9.5.2, "L2TP Servers".
Example 9.16. L2TPv3 Server Setup With IPsec
Assume the same scenario as the previous example, but this time the L2TPv3 tunnel is itself
being tunneled through an IPsec Tunnel object called my_ipsec_tunnel.
Setup of the IPsec tunnel is not shown in this example but follows the same setup described in
Section 9.5.2, "L2TP Servers".
Command-Line Interface
A. First, define the L2TPv3 Server object:
gw-world:/> add Interface L2TPv3Server my_l2tpv3_if
B. Next, enable transparent mode on the protected interface If3:
gw-world:/> Set Interface Ethernet If3 AutoSwitchRoute=Yes
Web Interface
A. First, define an L2TPv3 Server object:
1. Go to: Network > Interfaces and VPN > L2TPv3 Servers > Add > L2TPv3 Server
2. Now enter:
• Name: my_l2tpv3_if
• Inner IP Address: If3_ip
IP=If3_ip
LocalNetwork=If3_net
Interface=my_ipsec_tunnel
ServerIP=If2_ip
744
Chapter 9: VPN