McAfee SG310 Administration Manual page 257

VPN menu features
L2TP VPN Server
Enter the UTM Firewall L2TP appliance's Internet IP address or fully qualified domain name and click Next.
7
Select whether or not you want to use a Smart Card, whether you want make this connection available
to all users and whether you want to add a shortcut to your desktop and click Finish.
• To authenticate using a Shared Secret Tunnel, click Properties on the Connect Connection
Name dialog box (Figure
Figure 259 Connection Security Properties
• Click Security > IPSec Settings.
• Select the Use pre-shared key for authenticate checkbox and in the Key field, enter the Shared
Secret you indicated when configuring the shared secret tunnel on the UTM Firewall appliance
(Figure 260).
Figure 260 L2TP Server IPSec Preshared Secret Configuration
• To authenticate using an x.509 Certificate Tunnel, you must first install the local certificate. The
distinguished name of this local certificate must match the name entered in Client Distinguished
Name when configuring the x.509 certificate tunnel on the UTM Firewall appliance. See
management for details on creating, packaging, and adding certificates for use by Windows IPSec.
Once a certificate is added, Windows IPSec automatically uses it to attempt to authenticate the
connection. If more than one certificate is installed, it tries each of them in turn. Authentication fails if
the Windows client's certificate and the UTM Firewall appliance's certificate are not signed by the same
CA (Certificate Authority).
Your VPN client is now set up and ready to connect.
Connecting to the remote VPN client
Verify that you are connected to the Internet, or have set up your VPN connection to automatically
establish an initial Internet connection.
McAfee UTM Firewall 4.0.4 Administration Guide
259).
Certificate
257