Configuring Microsoft Windows L2TP VPN Client Access

This section provides a configuration example for enabling L2TP client access to the WAN GroupVPN SA using the built-in L2TP Server and Microsoft's L2TP VPN Client.

* 
NOTE: SonicOS supports only X.509 certificates for L2TP clients; PKCS #7 encoded X.509 certificates are not supported in SonicOS for L2TP connections.
To enable Microsoft L2TP VPN Client access to the WAN GroupVPN SA:
1
Navigate to the VPN > Settings page.
2
For the WAN GroupVPN policy, click the Configure icon.
3
On the General tab, select IKE using Preshared Secret from the Authentication Method drop-down menu.
4
Enter a shared secret passphrase in the Shared Secret field to complete the client policy configuration.
5
Click the OK button.
6
Navigate to the VPN > L2TP Server page.
7
In the L2TP Server Settings section, click the Enable the L2TP Server checkbox.
8
Click the Configure button. The L2TP Server Settings dialog displays.

9
Provide the following L2TP server settings:
Keep alive time (secs): 60
DNS Server 1: 199.2.252.10 (or use your ISP’s DNS)
DNS Server 2: 4.2.2.2 (or use your ISP’s DNS)
DNS Server 3: 0.0.0.0 (or use your ISP’s DNS)
WINS Server 1: 0.0.0.0 (or use your WINS IP)
WINS Server 2: 0.0.0.0 (or use your WINS IP)
10
Provide the IP address settings:
Use the Local L2TP IP pool: Enabled (selected; the default)
Start IP: 10.20.0.1 (example)
End IP: 10.20.0.20 (example)
* 
NOTE: Use any unique private range.
11
In the L2TP Users section, select Trusted Users from the User group for L2TP users drop-down menu.
12
Navigate to the Users > Local Users page.
13
Click the Add User button. The Add User dialog displays.

14
Specify a user name and password in the Name, Password, and Confirm Password fields.
15
Click OK.
* 
NOTE: By editing the Firewall > Access Rules for the VPN LAN zone or another VPN zone, you can restrict network access for L2TP clients. To locate a rule to edit, select the All Rules view of the Access Rules table and look at the Source column. The address object in the Source column of applicable rows displays "L2TP IP Pool".
16
On your Microsoft Windows computer, complete the following L2TP VPN Client configuration to enable secure access:
Navigate to the Windows > Start > Control Panel > Network Connections.
Open the New Connection Wizard. Click Next.
Choose "Connect to the network at my workplace." Click Next.
Choose "Virtual Private Network Connection." Click Next.
Enter a name for your VPN connection. Click Next.
Enter the Public (WAN) IP address of the firewall. Alternatively, you can use a domain name that points to the firewall. Click Next, then click Finish. The connection dialog will appear. Click Properties.
Click the Security tab. Click on "IPSec Settings". Enable "Use pre-shared key for authentication". Enter your pre-shared secret. Click OK.
Click the Networking tab. Change "Type of VPN" from "Automatic" to "L2TP IPSec VPN". Click OK.
10) Enter your XAUTH username and password. Click Connect.
17
Verify your Microsoft Windows L2TP VPN device is connected by navigating to the VPN > Settings page. The VPN client is displayed in the Currently Active VPN Tunnels section.