McAfee SG310 Administration Manual page 252

VPN menu features
L2TP VPN Server
From the VPN menu, click L2TP and select the L2TP VPN Server tab. The L2TP Server Setup page
1
appears (Figure
Figure 254 L2TP VPN Server Setup page
Select the Enable L2TP Server checkbox.
2
Enter the IP addresses to give to remote hosts. This must be a free IP address, or a range of free IP
3
addresses, from the network (typically the LAN) that the remote users are assigned while connected to
the UTM Firewall appliance. Can be an IP address range of the following forms:
• a.b.c.d
• a.b.c.d-e
• a.b.c.d-e.f.g.h
• a.b.c.d/e
• a.b.c.d/e.f.g.h
• a.b.c.d+e
Tip: If required, you can specify a static IP address for a given L2TP user when you create the local user for
L2TP access. For further information, see
If you have configured several network connections, select the one that you want to connect remote users
4
to from the IP Address to Assign VPN Server list. This is typically a LAN interface or alias.
Select the weakest Authentication Scheme to accept. Access is denied to remote users attempting to
5
connect using an authentication scheme weaker than your selection. They are described below, from
strongest to weakest:
• Encrypted Authentication (MS-CHAP v2) — [Recommended] The strongest type of
authentication to use.
• Encrypted Authentication (MS-CHAP) — This is not a recommended encryption type and should
only be used for older dial-in clients that do not support MS-CHAP v2.
• Weakly Encrypted Authentication (CHAP) — This is the weakest type of encrypted password
authentication to use. It is not recommended that clients connect using this as it provides very little
password protection. Also note that clients connecting using CHAP are unable to encrypt traffic.
• Unencrypted Authentication (PAP) — This is plain text password authentication. When using this
type of authentication, the client passwords are transmitted unencrypted over the Internet.
252 McAfee UTM Firewall 4.0.4 Administration Guide
254).
Adding an L2TP user account.