ZyXEL Communications 3.1 Security Camera User Manual


 
Chapter 19 L2TP VPN
ZyWALL (ZLD) CLI Reference Guide
19.4 L2TP VPN Commands
The following table describes the values required for some L2TP VPN commands. Other values are discussed with the corresponding commands.

Table 79 Input Values for L2TP VPN Commands
LABEL    DESCRIPTION
address_object
    The name of an IP address (group) object. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
interface_name
    The name of the interface.
    Ethernet interface: For the ZyWALL USG 300 and above, use gex, x = 1 - N, where N equals the highest numbered Ethernet interface for your ZyWALL model.
    The ZyWALL USG 200 and lower models use a name such as wan1, wan2, opt, lan1, ext-wlan, or dmz.
    VLAN interface: vlanx, x = 0 - 4094
    bridge interface: brx, x = 0 - N, where N depends on the number of bridge interfaces your ZyWALL model supports.
ppp_interface
    PPPoE/PPTP interface: pppx, x = 0 - N, where N depends on the number of PPPoE/PPTP interfaces your ZyWALL model supports.
map_name
    The name of an IPSec SA. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
user_name
    The name of a user (group). You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.

The following sections list the L2TP VPN commands.

19.4.1 L2TP VPN Commands
This table lists the commands for L2TP VPN. You must use the configure terminal command to enter the configuration mode before you can use these commands.

Table 80 L2TP VPN Commands
COMMAND    DESCRIPTION
l2tp-over-ipsec recover default-ipsec-policy
    If the default L2TP IPSec policy has been deleted, use this command to recreate it (with the default settings).
[no] l2tp-over-ipsec activate;
    Turns L2TP VPN on. The no command turns it off.
l2tp-over-ipsec crypto map_name
    Specifies the IPSec VPN connection the ZyWALL uses for L2TP VPN. It must meet the requirements listed in Section 19.2 on page 157.
    Note: Modifying this VPN connection (or the VPN gateway that it uses) disconnects any existing L2TP VPN sessions.
l2tp-over-ipsec pool address-object
    Specifies the address object that defines the pool of IP addresses that the ZyWALL uses to assign to the L2TP VPN clients.
l2tp-over-ipsec authentication aaa authentication profile_name
    Specifies how the ZyWALL authenticates a remote user before allowing access to the L2TP VPN tunnel.
    The authentication method has the ZyWALL check a user's user name and password against the ZyWALL's local database, a remote LDAP, RADIUS, an Active Directory server, or more than one of these.
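
When a script generates this configuration, the Table 79 naming rule can be enforced before any value is placed into a Table 80 command. The following Python is an added example, not part of the ZyXEL guide; the function names, the sample object names, the command order and the use of the Table 79 rule for profile_name are assumptions.

```python
import re

# Table 79 rule for address_object, map_name and user_name: 1-31 characters,
# alphanumerics, underscores or dashes, first character not a number.
NAME_RE = re.compile(r"[A-Za-z_-][A-Za-z0-9_-]{0,30}")


def is_valid_name(value):
    """True if value satisfies the Table 79 naming rule (case-sensitive)."""
    # fullmatch, not match with '$': '$' would also accept a trailing newline,
    # which would split the generated command line.
    return isinstance(value, str) and NAME_RE.fullmatch(value) is not None


def build_l2tp_commands(map_name, address_object, profile_name):
    """Return the Table 80 commands for one L2TP VPN setup, or raise ValueError."""
    values = {
        "map_name": map_name,
        "address_object": address_object,
        # Assumption: the guide does not give a rule for profile_name on this
        # page, so the Table 79 rule is applied to it as well.
        "profile_name": profile_name,
    }
    for label, value in values.items():
        if not is_valid_name(value):
            raise ValueError(f"{label} {value!r} violates the Table 79 naming rule")
    return [
        "configure terminal",  # required before the l2tp-over-ipsec commands
        f"l2tp-over-ipsec crypto {map_name}",
        f"l2tp-over-ipsec pool {address_object}",
        f"l2tp-over-ipsec authentication aaa authentication {profile_name}",
        # Assumption: activation goes last so the tunnel is not turned on before
        # its IPSec connection, pool and authentication are set. Table 80 prints
        # this command with a trailing ';', omitted here as a presumed misprint.
        "l2tp-over-ipsec activate",
    ]


if __name__ == "__main__":
    # Constructed sample names, not taken from the guide.
    for line in build_l2tp_commands("L2TP_VPN_CONN", "L2TP_POOL", "default"):
        print(line)
    for bad in ["1pool", "lan pool", "a" * 32, "L2TP_POOL\n"]:
        print(repr(bad), "->", "ok" if is_valid_name(bad) else "rejected")
```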