ZyXEL Communications 310 User Manual page 346

Chapter 24 L2TP VPN
Using the Default L2TP VPN Connection
The Default_L2TP_VPN_GW gateway entry is pre-configured to be convenient to use for L2TP
VPN. Edit it as follows:
• Set My Address to the WAN interface domain name or IP address you want to use.
• Replace the default Pre-Shared Key.
Create a host-type address object containing the My Address IP address configured in the
Default_L2TP_VPN_GW and set the Default_L2TP_VPN_Connection's Local Policy to use it.
Policy Route
Configure a policy route to let remote users access resources on a network behind the ZyWALL.
• Set the policy route's Source Address to the address object that you want to allow the remote
users to access (LAN_SUBNET in the following figure).
• Set the Destination Address to the IP address pool that the ZyWALL assigns to the remote
users (L2TP_POOL in the following figure).
• Set the next hop to be the VPN tunnel that you are using for L2TP.
Figure 227 Policy Route for L2TP VPN
LAN_SUBNET
To manage the ZyWALL through the L2TP VPN tunnel, create a routing policy that sends the
ZyWALL's return traffic back through the L2TP VPN tunnel.
• Set Incoming to ZyWALL.
• Set Destination Address to the L2TP address pool.
• Set the next hop to be the VPN tunnel that you are using for L2TP.
If some of the traffic from the L2TP clients needs to go to the Internet, create a policy route to send
traffic from the L2TP tunnels out through a WAN trunk.
• Set Incoming to Tunnel and select your L2TP VPN connection.
• Set the Source Address to the L2TP address pool.
• Set the Next-Hop Type to Trunk and select the appropriate WAN trunk.
346
L2TP_POOL
ZyWALL 110/310/1100 Series User's Guide