PPTP and L2TP VPN

Configuring L2TP

 

 

Figure 32: Sample L2TP address range configuration

6 Add the addresses from the L2TP address range to the External zone address list. The addresses can be grouped into an External address group.

7 Add addresses to the destination zone address list to control the addresses to which L2TP clients can connect. The addresses can be grouped into an address group.

For example, if you want L2TP users to connect to the Internal zone, add addresses to the Internal zone address list.

8 Add a policy to allow L2TP clients to connect through the FortiGate unit.

Adding a source address

Add a source address for every address in the L2TP address range.

1 Go to Firewall > Address.

2 Select the interface to which L2TP clients connect. This can be an interface, VLAN subinterface, or zone.

3 Select New to add an address.

4 Enter the Address Name, IP Address, and NetMask for an address in the L2TP address range.

5 Select OK to save the source address.

6 Repeat for all addresses in the L2TP address range.

Note: If the L2TP address range comprises an entire subnet, add a single address for this subnet. Do not add an address group.
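The following planning helper is an added example, not part of the FortiGate guide: it turns an L2TP address range into the Address Name, IP Address, and NetMask values to enter in steps 3 to 6, and applies the note about whole subnets. The sample range, the `L2TP_` naming scheme, the 255.255.255.255 host netmask, and the rule that "an entire subnet" means a range matching exactly one CIDR block are assumptions.

```python
import ipaddress


def plan_l2tp_addresses(start, end, prefix="L2TP"):
    """Plan firewall address entries for an L2TP address range.

    Returns a dict with:
      entries     -- list of (address name, IP address, netmask) tuples
      needs_group -- True when the entries should go into an address group
    """
    first = ipaddress.IPv4Address(start)
    last = ipaddress.IPv4Address(end)
    if last < first:
        raise ValueError("range end is below range start")

    # Collapse the range into CIDR blocks to see if it is one whole subnet.
    blocks = list(ipaddress.summarize_address_range(first, last))
    if len(blocks) == 1 and blocks[0].prefixlen < 32:
        # Whole-subnet case from the note: one subnet entry, no group.
        net = blocks[0]
        entry = (f"{prefix}_net", str(net.network_address), str(net.netmask))
        return {"entries": [entry], "needs_group": False}

    # Otherwise one host entry per address, so the policy matches only
    # the addresses that are actually handed out to L2TP clients.
    entries = []
    for offset, value in enumerate(range(int(first), int(last) + 1), start=1):
        ip = ipaddress.IPv4Address(value)
        entries.append((f"{prefix}_{offset}", str(ip), "255.255.255.255"))
    return {"entries": entries, "needs_group": len(entries) > 1}


if __name__ == "__main__":
    # Constructed sample range, not the one shown in Figure 32.
    plan = plan_l2tp_addresses("192.168.10.10", "192.168.10.13")
    for name, ip, mask in plan["entries"]:
        print(f"{name:10} {ip:15} {mask}")
    print("group needed:", plan["needs_group"])
```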

Adding an address group

Organize the source addresses into an address group.

1 Go to Firewall > Address > Group.

FortiGate-400 Installation and Configuration Guide
