L2Tp; Setting Up A L2Tp-Based Vpn; Enabling L2Tp And Specifying An L2Tp Range - Fortinet FortiGate FortiGate-3000 Administration Manual
Fortinet fortigate fortigate-3000: user guide
Hide thumbs
Also See for FortiGate FortiGate-3000:
- Install manual (66 pages) ,
- Installation manual (56 pages) ,
- Quick start manual (2 pages)
Table of Contents
Advertisement
L2TP
Setting up a L2TP-based VPN
Enabling L2TP and specifying an L2TP range
272
To set up a L2TP VPN, you must configure both the FortiGate unit and the remote
Windows client.
To create an L2TP VPN configuration
1
Add a user group to the FortiGate unit.
The L2TP clients must be authenticated before being allowed to start a VPN tunnel.
To enable authentication, you must add a user group to the FortiGate unit. Within the
user group, add a user for each L2TP client. You can add users to the FortiGate user
database, to authentication servers (RADIUS or LDAP), or to both. See
authentication" on page
2
Enable L2TP and specify a L2TP address range.
The L2TP address range is the range of addresses reserved for remote L2TP clients.
When a remote L2TP client connects to the internal network using L2TP, the client
computer is assigned an IP address from this range. The L2TP address range can be
on any subnet. See
3
Add a source address.
The source address is the L2TP range. See
4
Add a destination address.
The destination address is the address to which the L2TP clients can connect. For
example, if the destination address is on the internal network, you would create an
external-to-internal policy to control the access that L2TP users have through the
FortiGate unit. Typically you would add only one destination address, for the entire
internal subnetwork. See
5
Add an external-to-internal firewall policy.
The firewall policy specifies the source and destination addresses and sets the
service for the policy to the traffic type inside the L2TP VPN tunnel. For example, if
you want L2TP clients to be able to access a web server, set the service to HTTP.
See
"To add a firewall policy" on page
6
Configure the Windows client. See:
•
Configuring a Windows 2000 client for
•
Configuring a Windows XP client for
The L2TP address range is the range of addresses reserved for remote L2TP clients.
When a remote Windows client connects to the internal network using L2TP, the client
computer is assigned an IP address from this range. The L2TP address range can be
on any subnet.
241.
"Enabling L2TP and specifying an L2TP range" on page
"To add an address" on page
204.
01-28006-0010-20041105
"To add an address" on page
208.
L2TP.
L2TP.
VPN
"Users and
272.
208.
Fortinet Inc.
- Quick Links:
- To Reset the Fortigate Unit to...
Hide quick links:
Advertisement
Table of Contents
