ZyXEL Communications 3.1 Security Camera User Manual


 
Chapter 19 L2TP VPN
ZyWALL (ZLD) CLI Reference Guide
You configure an IP address pool object named L2TP_POOL to assign the remote users IP
addresses from 192.168.10.10 to 192.168.10.20 for use in the L2TP VPN tunnel.
The VPN rule allows the remote user to access the LAN_SUBNET which covers the 192.168.1.1/24
subnet.
19.5.1 Configuring the Default L2TP VPN Gateway Example
The following commands configure the Default_L2TP_VPN_GW entry.
Configure the My Address setting. This example uses interface ge3 with static IP address
172.23.37.205.
Configure the Pre-Shared Key. This example uses “top-secret”.
Router(config)# isakmp policy Default_L2TP_VPN_GW
Router(config-isakmp Default_L2TP_VPN_GW)# local-ip interface ge3
Router(config-isakmp Default_L2TP_VPN_GW)# authentication pre-share
Router(config-isakmp Default_L2TP_VPN_GW)# keystring top-secret
Router(config-isakmp Default_L2TP_VPN_GW)# activate
Router(config-isakmp Default_L2TP_VPN_GW)# exit
Router(config)#
19.5.2 Configuring the Default L2TP VPN Connection Example
The following commands configure the Default_L2TP_VPN_Connection entry.
Enforce and configure the local and remote policies.
• For the Local Policy, create an address object that uses host type and contains the My Address
IP address that you configured in the Default_L2TP_VPN_GW. The address object in this
example uses IP address 172.23.37.205 and is named L2TP_IFACE.
• For the Remote Policy, create an address object that uses host type and an IP address of
0.0.0.0. It is named L2TP_HOST in this example.
Router(config)# crypto map Default_L2TP_VPN_Connection
Router(config-crypto Default_L2TP_VPN_Connection)# policy-enforcement
Router(config-crypto Default_L2TP_VPN_Connection)# local-policy L2TP_IFACE
Router(config-crypto Default_L2TP_VPN_Connection)# remote-policy L2TP_HOST
Router(config-crypto Default_L2TP_VPN_Connection)# activate
Router(config-crypto Default_L2TP_VPN_Connection)# exit
Router(config)#
19.5.3 Configuring the L2TP VPN Settings Example
The following commands configure and display the L2TP VPN settings.
Set it to use the Default_L2TP_VPN_Connection VPN connection.
Configure an IP address pool for the range of 192.168.10.10 to 192.168.10.20. In this example it
is already created and called L2TP_POOL.
This example uses the default authentication method (the ZyWALL’s local user database).
Select a user or group of users that can use the tunnel. Here a user account named L2TP-test
has been created.
The other settings are left to the defaults in this example.
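The following Python check is an added example, not part of the ZyXEL guide: it parses a CLI transcript in the prompt format of 19.5.1 and 19.5.2 and reports a gateway still using the manual's sample pre-shared key, a key shorter than a chosen minimum, and a gateway or connection entry that lacks activate, policy-enforcement or a local/remote policy. The function names, the 20-character minimum and the SAMPLE transcript (the page's gateway commands plus a constructed, incomplete connection entry) are assumptions made for illustration.

```python
import re

# Sub-mode prompt as printed in 19.5.1/19.5.2: Router(config-isakmp NAME)# command
PROMPT = re.compile(r"^Router\(config-(isakmp|crypto) (\S+)\)#\s*(.+)$")
DOC_SAMPLE_KEYS = {"top-secret"}  # key printed in the manual's example
MIN_PSK_LEN = 20                  # assumed site policy, not a ZyXEL value

# Constructed sample: the gateway from 19.5.1 and an incomplete connection entry.
SAMPLE = """\
Router(config)# isakmp policy Default_L2TP_VPN_GW
Router(config-isakmp Default_L2TP_VPN_GW)# authentication pre-share
Router(config-isakmp Default_L2TP_VPN_GW)# keystring top-secret
Router(config-isakmp Default_L2TP_VPN_GW)# activate
Router(config)# crypto map Default_L2TP_VPN_Connection
Router(config-crypto Default_L2TP_VPN_Connection)# local-policy L2TP_IFACE
Router(config-crypto Default_L2TP_VPN_Connection)# remote-policy L2TP_HOST
"""

def parse_transcript(text):
    """Return {(kind, name): [commands]} for isakmp/crypto sub-mode lines."""
    blocks = {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if m:
            kind, name, cmd = m.groups()
            blocks.setdefault((kind, name), []).append(cmd.strip())
    return blocks

def audit(text):
    """Return a sorted list of findings for the entries in the transcript."""
    findings = []
    for (kind, name), cmds in parse_transcript(text).items():
        if "activate" not in cmds:
            findings.append(f"{name}: not activated")
        if kind == "isakmp" and "authentication pre-share" in cmds:
            keys = [c.split(None, 1)[1] for c in cmds if c.startswith("keystring ")]
            for key in keys:
                if key in DOC_SAMPLE_KEYS:
                    findings.append(f"{name}: pre-shared key is the manual's sample value")
                elif len(key) < MIN_PSK_LEN:
                    findings.append(f"{name}: pre-shared key shorter than {MIN_PSK_LEN} characters")
        if kind == "crypto":
            if "policy-enforcement" not in cmds:
                findings.append(f"{name}: policy-enforcement not set")
            for needed in ("local-policy", "remote-policy"):
                if not any(c.startswith(needed + " ") for c in cmds):
                    findings.append(f"{name}: no {needed}")
    return sorted(findings)
```

Calling audit(SAMPLE) returns three findings: the connection entry is not activated and has no policy-enforcement, and the gateway uses the sample key.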