UTM: Configuring L2TP Server on SonicOS Enhanced 1 of 6 1/12/2013 11:42 PM

Question/Title: UTM: Configuring L2TP Server on SonicOS Enhanced

Answer/Article

Article Applies To:

Gen5: NSA E8510, E8500, E7500, NSA E6500, NSA E5500, NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 2400MX, NSA 220, NSA 220W, NSA 240, NSA 250M, NSA 250MW
Gen5 TZ series: TZ 100, TZ 100W, TZ 105, TZ 105W, TZ 200, TZ 200W, TZ 205, TZ 205W, TZ 210, TZ 210W, TZ 215, TZ 215W
Gen4: PRO series: PRO 5060, PRO 4100, PRO 4060, PRO 3060, PRO 2040, PRO 1260
Gen4: TZ series: TZ 190, TZ 190 W, TZ 180, TZ 180 W, TZ 170, TZ 170 W, TZ 170 SP, TZ 170 SP Wireless

Firmware/Software Version: All SonicOS Enhanced versions.

Services: L2TP

Feature/Application: Configuring L2TP Server on SonicOS Enhanced

Procedure:

This document explains how to configure L2TP Client access to the SonicWALL WAN GroupVPN SA using the built-in L2TP Server and Microsoft's L2TP VPN Client. This guide is for SonicOS Enhanced firmware on Gen 4 and Gen 5 appliances. The suggested configuration was confirmed to work with Microsoft Windows XP Service Pack 2 (SP2), Vista Ultimate, and Vista Home.

1) Go to VPN > Settings and enable the WAN GroupVPN policy. The default policy settings are OK to use, but the Shared Secret will be needed for the client policy configuration. If your SonicWALL appliance is running SonicOS 5.8.0.5 or above, enable the Accept Multiple Proposals for Clients checkbox, which allows multiple VPN or L2TP clients using different security policies to connect.

2) Go to VPN > L2TP Server

I. Enable the L2TP Server. Click 'Configure'.

II. L2TP Server Settings
    Keep alive time (secs): 60
    DNS Server 1: (Use internal or your ISP's DNS)
    DNS Server 2: 4.2.2.2 (or use your ISP's DNS)
    DNS Server 3: 0.0.0.0 (or use your ISP's DNS)
    WINS Server 1: 0.0.0.0 (or use your WINS IP)
    WINS Server 2: 0.0.0.0 (or use your WINS IP)

III. IP Address Settings
    IP address provided by RADIUS/LDAP Server: Disabled
    Use the Local L2TP IP Pool: Enabled
    Start IP: 10.20.0.1 *EXAMPLE*
    End IP: 10.20.0.20 *EXAMPLE*

IV. L2TP Users
    User Group for L2TP Users: 'Trusted Users'

3) Go to Network > NAT Policies

SonicOS Enhanced will automatically add the following NAT policy.
You may manually add this NAT policy if not auto-added.

I. Add a NAT Policy with these settings:
    Source:
        Original: 'L2TP IP Pool'
        Translated: 'WAN Primary IP'
    Destination:
        Original: 'Any'
        Translated: 'Original'
    Service:
        Original: 'Any'
        Translated: 'Original'
    Interface:
        Inbound: 'Any'
        Outbound: 'WAN' or 'X1'
    Comment: L2TP Outbound NAT
    Enable NAT Policy: Enabled
    Create a reflexive policy: Disabled

4) Go to Firewall > Access Rules, select VPN to WAN, and add the following rule.
Click Add to add a new firewall rule with the following settings:
    Action: Allow
    Service: Any
    Source: WAN RemoteAccess Networks
    Destination: Any
    Users Allowed: All
    Schedule: Always on
    Comment: L2TP Internet access

The SNWL portion of the configuration is complete.

L2TP setup on the Client computer:

The next steps are performed on a workstation running Microsoft Windows XP Professional, Service Pack 2:

1) Go to the Control Panel.
2) Go to Network Connections.
3) Open the New Connection Wizard. Click Next.
4) Choose "Connect to the network at my workplace." Click Next.
5) Choose "Virtual Private Network Connection." Click Next.
6) Enter a name for your VPN connection. Click Next.
7) Enter the Public (WAN) IP address of the SNWL. Alternatively, you can use a domain name that points to the SNWL. Click Next, then click Finish. The connection window will appear. Click Properties.
8) Go to the Security tab. Click on "IPSec Settings". Enable "Use pre-shared key for authentication". Enter your pre-shared secret. Click OK.
9) Go to the Networking tab. Change "Type of VPN" from "Automatic" to "L2TP IPSec VPN". Click OK.
10) Enter your XAUTH username and password. Click Connect.

Once the connection has been established, Internet access should be available. Access to the internal network will also be available.

KBID: 5378
Date Modified: 7/5/2012
Date Created: 10/13/2008
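
Client steps 1 to 9 above, scripted as an added PowerShell example for Windows 8 / Server 2012 and later, where the built-in VpnClient cmdlets exist. It is not part of the original article, which was confirmed only on XP SP2 and Vista. The connection name and the 203.0.113.10 server address are placeholders, and the cmdlet's default PPP authentication method is assumed to be accepted by the L2TP Server.

```powershell
# Added example, not from the original article.
# Creates the L2TP/IPsec client entry that steps 1-9 build in the XP wizard.
param(
    [string]$Name          = 'SonicWALL L2TP',   # hypothetical connection name (step 6)
    [string]$ServerAddress = '203.0.113.10'      # placeholder: SonicWALL WAN IP or DNS name (step 7)
)

# Prompt for the WAN GroupVPN Shared Secret so it is never stored in the script
# or echoed to the console.
$secure = Read-Host -Prompt 'WAN GroupVPN Shared Secret' -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    $psk = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)

    # Remove an existing entry of the same name so the script can be re-run
    # after the Shared Secret is rotated on the appliance.
    if (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue) {
        Remove-VpnConnection -Name $Name -Force
    }

    # Step 8: pre-shared key for IPsec. Step 9: force L2TP instead of "Automatic".
    # -Force suppresses the confirmation prompt shown when a PSK is supplied.
    Add-VpnConnection -Name $Name `
                      -ServerAddress $ServerAddress `
                      -TunnelType L2tp `
                      -L2tpPsk $psk `
                      -EncryptionLevel Required `
                      -Force
}
finally {
    # Wipe the plaintext copy of the secret from unmanaged memory.
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    Remove-Variable -Name psk -ErrorAction SilentlyContinue
}

# Verify the entry was created as L2TP and did not fall back to another tunnel type.
$conn = Get-VpnConnection -Name $Name
if ($conn.TunnelType -ne 'L2tp') {
    throw "Connection '$Name' has tunnel type $($conn.TunnelType), expected L2tp."
}

# SplitTunneling is False by default, so all client traffic uses the tunnel,
# matching the article's NAT policy and VPN-to-WAN rule for Internet access.
$conn | Format-List Name, ServerAddress, TunnelType, EncryptionLevel, SplitTunneling
```

Step 10 is unchanged: the username and password are entered when the connection is dialed.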