Chapter 19 L2TP VPN

19.4 L2TP VPN Commands

The following table describes the values required for some L2TP VPN commands. Other values are discussed with the corresponding commands.

Table 79 Input Values for L2TP VPN Commands

LABEL
    DESCRIPTION

address_object
    The name of an IP address (group) object. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.

interface_name
    The name of the interface.
    Ethernet interface: For the ZyWALL USG 300 and above, use gex, x = 1 - N, where N equals the highest numbered Ethernet interface for your ZyWALL model.
    The ZyWALL USG 200 and lower models use a name such as wan1, wan2, opt, lan1, ext-wlan, or dmz.
    VLAN interface: vlanx, x = 0 - 4094
    bridge interface: brx, x = 0 - N, where N depends on the number of bridge interfaces your ZyWALL model supports.

ppp_interface
    PPPoE/PPTP interface: pppx, x = 0 - N, where N depends on the number of PPPoE/PPTP interfaces your ZyWALL model supports.

map_name
    The name of an IPSec SA. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.

user_name
    The name of a user (group). You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.

The following sections list the L2TP VPN commands.

19.4.1 L2TP VPN Commands

This table lists the commands for L2TP VPN. You must use the configure terminal command to enter the configuration mode before you can use these commands.

Table 80 L2TP VPN Commands

COMMAND
    DESCRIPTION

l2tp-over-ipsec recover default-ipsec-policy
    If the default L2TP IPSec policy has been deleted, use this command to recreate it (with the default settings).

[no] l2tp-over-ipsec activate;
    Turns L2TP VPN on. The no command turns it off.

l2tp-over-ipsec crypto map_name
    Specifies the IPSec VPN connection the ZyWALL uses for L2TP VPN. It must meet the requirements listed in Section 19.2 on page 157.
    Note: Modifying this VPN connection (or the VPN gateway that it uses) disconnects any existing L2TP VPN sessions.

l2tp-over-ipsec pool address-object
    Specifies the address object that defines the pool of IP addresses that the ZyWALL uses to assign to the L2TP VPN clients.

l2tp-over-ipsec authentication aaa authentication profile_name
    Specifies how the ZyWALL authenticates a remote user before allowing access to the L2TP VPN tunnel.
    The authentication method has the ZyWALL check a user’s user name and password against the ZyWALL’s local database, a remote LDAP, RADIUS, an Active Directory server, or more than one of these.
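An added example (not from the ZyWALL guide): a Python pre-check that applies the Table 79 naming rules before values are placed into the value-bearing Table 80 commands, so a malformed name is rejected before it reaches the device. The function names, the limits standing in for N, and the profile_name check are assumptions; only the gex/vlanx/brx/pppx interface naming is covered, not the USG 200 style names.

```python
import re

# Table 79: 1-31 alphanumerics, underscores or dashes; the first character
# cannot be a digit. Applies to address_object, map_name and user_name.
NAME_RE = re.compile(r"[A-Za-z_-][A-Za-z0-9_-]{0,30}")
# Interface families from Table 79 (USG 300 and above naming): gex, vlanx, brx, pppx.
IFACE_RE = re.compile(r"(ge|vlan|br|ppp)([0-9]+)")


def valid_name(value):
    """True if value is a legal object name (case-sensitive, so no folding)."""
    return NAME_RE.fullmatch(value) is not None


def valid_interface(name, max_ge=7, max_br=7, max_ppp=7):
    """True if name is in range for its family.

    max_ge, max_br and max_ppp stand in for the model-dependent N in Table 79;
    the defaults are placeholders, not values for any real model.
    """
    m = IFACE_RE.fullmatch(name)
    if m is None:
        return False
    low, high = {"ge": (1, max_ge), "vlan": (0, 4094),
                 "br": (0, max_br), "ppp": (0, max_ppp)}[m.group(1)]
    return low <= int(m.group(2)) <= high


def l2tp_commands(map_name, address_object, profile_name):
    """Return the value-bearing Table 80 commands, or raise ValueError."""
    for label, value in (("map_name", map_name),
                         ("address_object", address_object)):
        if not valid_name(value):
            raise ValueError(f"invalid {label}: {value!r}")
    # profile_name rules are not given in this section; as an assumption,
    # reject only empty values and whitespace so one value stays one argument.
    if not profile_name or re.search(r"\s", profile_name):
        raise ValueError(f"invalid profile_name: {profile_name!r}")
    return [
        "configure terminal",
        f"l2tp-over-ipsec crypto {map_name}",
        f"l2tp-over-ipsec pool {address_object}",
        f"l2tp-over-ipsec authentication aaa authentication {profile_name}",
    ]
```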

 

 

 


ZyWALL (ZLD) CLI Reference Guide