Configuring an L2TP VPN Tunnel to ProSAFE/ProSECURE routers
This is an example for creating an L2TP VPN tunnel policy to a remote Windows 7 client.L2TP abbreviates Layer 2 Tunnelling protocol.
Ther router used here is aSRX5308 with subnet192.168.1.0/24
NOTE: This document assumes that your ProSAFE/ProSECURE router is either receiving a public IP address on the WAN interface or that the gateway device(s) have the correct port forwarding or DMZ configured so that port TCP port 1723 is open for the ProSAFE/ProSECURE routers, these gateway devices must also allow VPN pass-through.
The values used in this scenario are for this example only; certain values will depend on the setup of your network.
Setup SRX5308 as L2TP Server
- Click VPN
- Click L2TP Server
- Select Enable and enter Starting to Ending IP range.
- Select an authentication method: MSCHAPv2 in this example
Note: IP range must be different to existing LAN range in use.
Create L2TP users
- Click Users
- Click Add
- Choose L2TP user
- Enter username and password accordingly.
Once the account is created it will show in the list of Users in section Users – Users.
Create L2TP VPN on Windows client (using Windows 7 for this example)
- Click Start – Control Panel – Network and Sharing Center.
- Click Set up a new connection or network
- Next, Click Connect to a workplace
- Click Use my Internet connection (VPN)
- Enter the WAN IP address or Internet name for the SRX5308
- Name the new Connection
- Select “Don’t connect now; just set it up so I can connect later”
- Enter the Username and Password, created in Step Create L2TP User.
- Click Create.
- Click Close.
Now we need to edit the L2TP connection, to match the Authentication type of the SRX5308
- Go to Network and Sharing Center
- Click Change adapter setting
- Right click on the newly created L2TP connection and select Properties.
In the VPN connection properties page
- Go to Security
- Set Type of VPN to: Layer 2 Tunneling Protocol with IPSec (L2TP/IPSec)
- Select Microsoft CHAP Version 2 (MS-CHAP v2)
- Click OK
Connect the L2TP VPN
- Go to Network and Sharing Center
- Right click on the newly created L2TP connection
- Click Connect
- At the prompt enter username and password and click 'Connect'.
- You have the option toselect and Save the username and password.
Confirm the L2TP VPN is established
- Right click on the L2TP VPN connection in Network Connection
- Select Status
- We can see the connection is established.
Also, we can ping the IP address of the SRX5308.