New L2TP Tunnel Configuration

Layer 2 Tunneling Protocol (L2TP) provides a way for a dial-up user to make a virtual Point-to-Point Protocol (PPP) connection to an L2TP network server (LNS), which can be a NetScreen device. L2TP sends PPP frames through a tunnel between an L2TP access concentrator (LAC) and the LNS.

To Configure an L2TP Tunnel

  1. Enter the necessary information:

Name: Enter a name for the L2TP tunnel.

  1. Select either Use Default Settings or Use Custom Settings.

Authentication Server: Select an authentication server from the drop-down list. The authentication servers that appear in the drop-down list are auth servers that you previously created (see Auth Server Configuration).

Query Remote Settings: (For RADIUS only)  Select this option to get settings (such as DNS & WINS IP addresses) from the auth server.

Select who can use the L2TP tunnel:

Dialup Group: Select either Allow Any or an L2TP user group from the drop-down list. The user groups that appear in the drop-down list are groups that you previously created (see Local User Group Configuration). Selecting Allow Any allows all dialup user groups configured on the authentication server to use the policy.

Dialup User: Select either All-L2TP-Users, an L2TP user, or an external user from the drop-down list. The users that appear in the drop-down list are users that you previously created (see Local User Configuration). Selecting All-L2TP-Users allows all L2TP users configured on the authentication server to use the policy.

External User: If you select External User from the drop-down list, you must also enter the name of the external user.

Note: You can select External User only if you are using external authentication servers such as RADIUS, SecurID and LDAP.

  1. Outgoing Interface: From the drop-down list, select the interface on which you want to terminate the L2TP tunnel.

Peer IP: Enter the IP address of the L2TP dial-up client. If the IP address is dynamic, enter 0.0.0.0.

Host Name: (Optional) Enter the name of the computer hosting the L2TP dial-up client.

Secret: (Optional) Enter a secret for L2TP tunnel authentication.

Keep Alive: Enter a time interval in seconds. After this length of inactivity, the NetScreen device sends a hello message to the L2TP dial-up client to keep the connection from timing out.

  1. IP Pool Name: Select an IP pool for the L2TP tunnel. (For information on creating IP pools, see IP Pool Configuration.)

DNS Primary Server IP: Enter the IP address of the primary Domain Name Service (DNS) server.

DNS Secondary Server IP: Enter the IP address of the secondary DNS server.

WINS Primary Server IP: Enter the IP address of the primary Windows Internet Naming Service (WINS) server.

WINS Secondary Server IP: Enter the IP address of the secondary WINS server.

  1. Click OK to save your changes.
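
The constraints stated in the steps above (RADIUS-only remote settings, the External User requirements, 0.0.0.0 for a dynamic peer, the optional secret) can be checked before the values are entered. The following Python check is an added example, not NetScreen code; the dictionary keys and the sample values are hypothetical stand-ins for the form fields.

```python
import ipaddress

EXTERNAL_AUTH_TYPES = {"RADIUS", "SecurID", "LDAP"}  # external server types named on the page

def _is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def review_l2tp_tunnel(cfg):
    """Return (errors, notes). cfg keys are hypothetical names for the form fields."""
    errors, notes = [], []
    auth_type = cfg.get("auth_server_type")
    if not cfg.get("name"):
        errors.append("Name is required")
    if cfg.get("query_remote_settings") and auth_type != "RADIUS":
        errors.append("Query Remote Settings applies to RADIUS only")
    if cfg.get("dialup_user") == "External User":
        if not cfg.get("external_user"):
            errors.append("External User selected but no user name entered")
        if auth_type not in EXTERNAL_AUTH_TYPES:
            errors.append("External User needs an external auth server")
    peer = cfg.get("peer_ip")
    if not _is_ipv4(peer):
        errors.append("Peer IP must be an IPv4 address (0.0.0.0 if dynamic)")
    elif peer == "0.0.0.0":
        notes.append("Peer IP is dynamic (0.0.0.0)")
    keep = cfg.get("keep_alive")
    if not isinstance(keep, int) or keep < 0:  # assumption: whole seconds, not negative
        errors.append("Keep Alive must be a number of seconds")
    for field in ("dns_primary", "dns_secondary", "wins_primary", "wins_secondary"):
        if cfg.get(field) is not None and not _is_ipv4(cfg[field]):
            errors.append(f"{field} is not a valid IPv4 address")
    if not cfg.get("secret"):
        notes.append("No Secret set: L2TP tunnel authentication is not configured")
    if cfg.get("dialup_group") == "Allow Any":
        notes.append("Allow Any: all dialup groups on the auth server can use the tunnel")
    return errors, notes

# Constructed sample values, not taken from a real device.
SAMPLE = {
    "name": "branch-l2tp", "auth_server_type": "RADIUS",
    "query_remote_settings": True, "dialup_user": "External User",
    "external_user": "", "peer_ip": "0.0.0.0", "keep_alive": 60,
    "dns_primary": "192.0.2.53", "secret": None,
}
```

Errors are values the page's own rules reject; notes are settings the page allows but that a reviewer would want to see stated explicitly.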