Chapter 19 L2TP VPN
ZyWALL (ZLD) CLI Reference Guide
162
• Enable the connection.
19.5.4 Configuring the Policy Route for L2TP Example
The following commands configure and display the policy route for the L2TP VPN connection entry.
• Set the policy route’s Source Address to the address object that you want to allow the remote
users to access (LAN_SUBNET in this example).
•Set the Destination Address to the IP address pool that the ZyWALL assigns to the remote
users (L2TP_POOL in this example).
• Set the next hop to be the Default_L2TP_VPN_Connection tunnel.
• Enable the policy route.
Router(config)# l2tp-over-ipsec crypto Default_L2TP_VPN_Connection
Router(config)# l2tp-over-ipsec pool L2TP_POOL
Router(config)# l2tp-over-ipsec authentication default
Router(config)# l2tp-over-ipsec user L2TP-test
Router(config)# l2tp-over-ipsec activate
Router(config)# show l2tp-over-ipsec
L2TP over IPSec:
activate : yes
crypto : Default_L2TP_VPN_Connection
address pool : L2TP_POOL
authentication : default
user : L2TP-test
keepalive timer : 60
first dns server : aux 1st-dns
second dns server : aux 1st-dns
first wins server :
second wins server:
Router(config)# policy 3
Router(policy-route)# source LAN_SUBNET
Router(policy-route)# destination L2TP_POOL
Router(policy-route)# service any
Router(policy-route)# next-hop tunnel Default_L2TP_VPN_ConnectionRouter(policy-
route)# no deactivate
Router(policy-route)# exit
Router(config)# show policy-route 3
index: 3
active: yes
description: WIZ_VPN
user: any
schedule: none
interface: ge1
tunnel: none
sslvpn: none
source: PC_SUBNET
destination: L2TP_POOL
service: any
nexthop type: Tunnel
nexthop: Default_L2TP_VPN_Connection
bandwidth: 0
bandwidth priority: 0
maximize bandwidth usage: no
SNAT: none
amount of port trigger: 0
