Procedure

1. Optionally enable L2TP VPN.
2. For Client network pool, enter the IPv4 address pool in CIDR format.

   Important The assigned IP addresses must be part of an independent network segment (the network segment is different from network segments used on any other interface).

3. Enter a key known to both endpoints in Preshared key.
   The key is used to authenticate the L2TP endpoints while establishing the connection.

   Before establishing the connection, the remote user must provide authentication credentials using a Cloud Edge hosted user.

   To configure hosted users, see Hosted Users and Groups.
4. Configure advanced settings.
   • Primary DNS server and Secondary DNS server
     If both the Primary DNS server and Secondary DNS server are left blank, the gateway’s default DNS servers are used as L2TP DNS servers.
   • Primary WINS server and Secondary WINS server
   • MTU
     Supported values are 500 through 1400. This is a required field. The MTU field cannot be left blank.
   • Enable L2TP debug mode
   • Enable dead peer detection
     Dead peer detection identifies inactive or unavailable VPN peers and can help restore resources that are lost when a peer is unavailable. Selecting Enable dead peer detection reestablishes VPN tunnels on idle connections and cleans up dead VPN peers if required.
     Use this option to keep the tunnel connection open when no traffic is being generated inside the tunnel.
   • Enable network masquerade
   • IKE Authentication algorithm
     • MD5
     • SHA1
     • SHA-256
     • SHA-512
     SHA1 is the default.
     See Authentication Algorithms.
   • IPsec authentication algorithm
     • MD5
     • SHA1
     • SHA-256
     • SHA-512
     SHA1 is the default.
   • IKE Debugging
     Enable or disable IKE debugging.
5. Click Save.