How To Configure L2TP VPN between Cyberoam and Windows 7

Applicable Version: 10.00 onwards

Scenario

Configure and establish an L2TP connection between Cyberoam and a Windows 7 VPN Client. This article consists of two (2) parts:
- Cyberoam Configuration
- Windows 7 Configuration

Cyberoam Configuration

You must be logged on to the Web Admin Console as an administrator with Read-Write permission for relevant feature(s).

Step 1: Configure L2TP

Go to VPN > L2TP > Configuration and click Enable L2TP. Specify the parameters as given below.

Parameter: Assign IP from
Value: 172.16.16.211-172.16.16.225
Description: Specify IP Address range if L2TP server has to lease IP Addresses.

Parameter: Primary DNS Server
Value: <As configured in Network>
Description: Select Primary DNS Server from the list. Alternately, you can also specify DNS Server by choosing Other from the list.

Parameter: Secondary DNS Server
Value: <As configured in Network>
Description: Specify Secondary DNS server. Alternately, you can also specify DNS Server by choosing Other from the list.

Click Apply to save changes.

Step 2: Add L2TP Members

Click Add Member(s) to add the users who would connect to Cyberoam using L2TP. Select the L2TP members. Here, as an example, we have selected john.smith as the L2TP member. Click Apply to save changes.

Step 3: Create L2TP Connection

Go to VPN > L2TP > Connection and click Add to add an L2TP connection as per parameters below.

Parameter: Name
Value: Head_Branch
Description: Enter a unique name to identify L2TP Connection.

Parameter: Policy
Value: DefaultL2TP
Description: Select policy to be applied to the L2TP connection.

Parameter: Action on VPN Restart
Value: Respond Only
Description: Select an action to be taken on the connection when VPN services or Appliance restarts. Available Options:
- Respond Only: Keeps connection disabled till the user responds.
- Disable: Keeps connection disabled till the user activates.

Parameter: Authentication Type
Value: Preshared Key
Description: Select Authentication Type. Preshared Key authentication is a mechanism whereby a single key is used for encryption and decryption. Both the peers should have the Preshared Key. After selecting this option, mention the Key to be used.

Parameter: Local WAN Port
Value: <Select WAN Port>
Description: Select Local WAN Port.

Parameter: Remote Host
Value: *
Description: Specify IP Address or host name of remote end-point. Specify * for any IP Address.

Parameter: Allow NAT Traversal
Value: Enabled
Description: Enable NAT traversal if a NAT device is located between your VPN endpoints when remote peer has private/non-routable IP Address.

Parameter: Remote LAN Network
Value: Any IP Host
Description: Select IP Addresses and netmask of remote network which is allowed to connect to the appliance server through VPN tunnel.

Parameter: Local Port
Value: 1701
Description: Specify the Local Port number that the local VPN peer uses to transport traffic related to TCP or UDP protocol. Specify * for any port.

Parameter: Remote Port
Value: *
Description: Default - 1701. Specify the Remote Port number that the remote VPN peer uses to transport traffic related to TCP or UDP protocol. Specify * for any port.

Click OK to save the connection.

Step 4: Activate Connection

Click the red icon under 'Active' column to activate the connection.

Windows 7 Configuration

Follow the steps below to configure the user machine to connect to Cyberoam using L2TP.

Step 1: Change the default Authentication Mechanism to Preshared Key

Go to Start Menu > Control Panel > Administrative Tools and double-click Windows Firewall with Advanced Security. Select Properties to display the Windows Firewall with Advanced Security on Local Computer window. Switch to IPSec Settings tab and under IPSec Defaults, click Customize to display the Customize IPSec Settings window.
Under Authentication Method, select Advanced and click Customize to display the Customize Advanced Authentication Methods window. Select the current First Authentication Method, in this case Computer (Kerberos V5) and click Remove.
Click Add to add another First Authentication Method. In the Add First Authentication Method screen, select Preshared Key and specify the Preshared Key configured in Cyberoam (Cyberoam Configuration step 3).
Click OK in all the cascading windows.

Note: Make sure that IPSec Policy Agent and IKE and AuthIP IPSec Keying Modules in the machine are running without error.

Step 2: Create the L2TP Connection in User Machine

Go to Start > Control Panel > Network and Sharing Center and click Set up a new connection or network. Follow further steps as per screens shown below.

Step 3: Configure Authentication Mechanism of the L2TP Connection

After Connection is established, click the Network symbol on the System Tray and right-click the connection created in step 2. Click Properties to open the Properties window. Switch to Security tab and click Advanced Settings under Types of VPN. In the L2TP tab, select Use preshared key for authentication and specify the key configured in Cyberoam.
Click OK to save settings.

The above configuration establishes an L2TP connection between Cyberoam and a Windows 7 machine.

Document Version: 2.0
3 March, 2015
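
The note in Windows 7 Configuration Step 1 asks that IPSec Policy Agent and IKE and AuthIP IPSec Keying Modules be running without error. The PowerShell check below is an added example, not part of the original Cyberoam article; it assumes the standard Windows service short names PolicyAgent and IKEEXT, the function name Test-L2tpIpsecServices is hypothetical, and it uses only cmdlets available in PowerShell 2.0 on Windows 7.

```powershell
# Added example (not from the Cyberoam article): verify the two services
# the Step 1 note refers to before attempting the L2TP connection.
#   PolicyAgent = IPsec Policy Agent
#   IKEEXT      = IKE and AuthIP IPsec Keying Modules
# Read-only: nothing is started, stopped or reconfigured.

function Test-L2tpIpsecServices {
    $required = 'PolicyAgent', 'IKEEXT'
    foreach ($name in $required) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if (-not $svc) {
            # Service entry is absent from the Service Control Manager.
            New-Object PSObject -Property @{
                Name = $name; DisplayName = $null; State = 'Missing'
                StartMode = $null; ExitCode = $null
                Ok = $false; Problem = 'service is not installed'
            }
            continue
        }

        $problems = @()
        if ($svc.State -ne 'Running')      { $problems += "state is $($svc.State)" }
        if ($svc.StartMode -eq 'Disabled') { $problems += 'start mode is Disabled' }
        # A non-zero ExitCode is the Windows error recorded at the last start/stop.
        if ($svc.ExitCode -ne 0)           { $problems += "exit code $($svc.ExitCode)" }

        New-Object PSObject -Property @{
            Name = $svc.Name; DisplayName = $svc.DisplayName; State = $svc.State
            StartMode = $svc.StartMode; ExitCode = $svc.ExitCode
            Ok = ($problems.Count -eq 0); Problem = ($problems -join '; ')
        }
    }
}

$results = @(Test-L2tpIpsecServices)
$results | Format-Table Name, DisplayName, State, StartMode, ExitCode, Ok, Problem -AutoSize

$failed = @($results | Where-Object { -not $_.Ok })
if ($failed.Count -gt 0) {
    Write-Warning "L2TP/IPsec prerequisites not met: $(($failed | ForEach-Object { $_.Name }) -join ', ')"
} else {
    Write-Host 'Both IPsec services are running without error.'
}
```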