Purpose: Configure Layer 2 Tunneling Protocol Virtual Private Network (L2TP VPN) with IPsec to use as a VPN from remote Windows clients.
To configure L2TP VPNs, the Cloud Edge gateway appliance must be in routing mode.
Location: Gateways > (gateway name) > USER VPN > L2TP VPN > General
IP address pool and then enter the IPv4 address range for the pool in Client network pool.
DHCP server and then enter the DHCP server in DHCP server and the interface in Via interface.
Whether you use an IP address pool or a DHCP server to assign IP addresses, the assigned IP addresses must be part of an independent network segment (the network segment is different from network segments used on any other interface).
The key is used to authenticate the L2TP endpoints while establishing the connection.
Before establishing the connection, the remote user must provide authentication credentials using a Cloud Edge hosted user.
Primary DNS server and Secondary DNS server
If both the Primary DNS server and Secondary DNS server are left blank, the gateway’s default DNS servers are used as L2TP DNS servers.
Primary WINS server and Secondary WINS server
Supported values are 500 through 1400. This is a required field. The MTU field cannot be left blank.
Enable L2TP debug mode
Enable dead peer detection
Dead peer detection identifies inactive or unavailable VPN peers and can help restore resources that are lost when a peer is unavailable. Selecting Enable dead peer detection reestablishes VPN tunnels on idle connections and cleans up dead VPN peers if required.
Use this option to keep the tunnel connection open when no traffic is being generated inside the tunnel.
Enable network masquerade
IKE Authentication algorithm
SHA1 is the default.
IPsec authentication algorithm
SHA1 is the default.
Enable or disable IKE debugging.
If you do not want all traffic to route through the VPN tunnel, you can configure split tunneling on the Windows client.
You must first configure L2TP on the client and connect the L2TP VPN.
Disconnect the L2TP connection and right-click on the L2TP new connection and select Properties.
You can then select Internet Protocol Version 4 (TCP/IPv4) and click on Properties and then on Advanced.
You can deselect Use default gateway on remote network to enable split tunneling. Only traffic destined for the gateway's internal network will route through the L2TP gateway.