Chapter 19 L2TP VPN

Table 80 L2TP VPN Commands

COMMAND

DESCRIPTION

certificate cert_name

Select the certificate to use to identify the ZyWALL for L2TP VPN connections. The

 

certificate is used with the EAP, PEAP, and MSCHAPv2 authentication protocols. The

 

certificate must already be configured.

 

 

[no] l2tp-over-ipsec user

Specifies the user or user group that can use the L2TP VPN tunnel. If you do not

user_name

configure this, any user with a valid account and password on the ZyWALL to log in.

 

The no command removes the user name setting.

[no] l2tp-over-ipsec keepalive-

The ZyWALL sends a Hello message after waiting this long without receiving any

timer <1..180>

traffic from the remote user. The ZyWALL disconnects the VPN tunnel if the remote

 

user does not respond. The no command returns the default setting.

[no] l2tp-over-ipsec first-dns-

Specifies the first DNS server IP address to assign to the remote users. You can

server {ip interface_name}

specify a static IP address, or a DNS server that an interface received from its

{1st-dns2nd-dns3rd-dns}

DHCP server. The no command removes the setting.

{ppp_interfaceaux}{1st-dns2nd-

 

dns}}

 

[no] l2tp-over-ipsec second-dns-

Specifies the second DNS server IP address to assign to the remote users. You can

server {ip interface_name}

specify a static IP address, or a DNS server that an interface received from its

{1st-dns2nd-dns3rd-dns}

DHCP server. The no command removes the setting.

{ppp_interfaceaux}{1st-dns2nd-

 

dns}}

 

[no] l2tp-over-ipsec first-wins-

Specifies the first WINS server IP address to assign to the remote users. The no

server ip

command removes the setting.

[no] l2tp-over-ipsec second-

Specifies the second WINS server IP address to assign to the remote users. The no

wins-server ip

command removes the setting.

no l2tp-over-ipsec session

Deletes the specified L2TP VPN tunnel.

tunnel-id <0..65535>

 

show l2tp-over-ipsec

Displays the L2TP VPN settings.

show l2tp-over-ipsec session

Displays current L2TP VPN sessions.

19.5 L2TP VPN Example

This example uses the following settings in creating a basic L2TP VPN tunnel. See the Web Configurator User’s Guide for how to configure L2TP in remote user computers using Windows XP and Windows 2000.

Figure 23 L2TP VPN Example

172.23.37.205

L2TP_POOL: 192.168.10.10~192.168.10.20

LAN_SUBNET: 192.168.1.1/24

The ZyWALL has a static IP address of 172.23.37.205 for the ge3 interface.

The remote user has a dynamic public IP address and connects through the Internet.

160

 

ZyWALL (ZLD) CLI Reference Guide