
Mar 26, 2018


phamkiet

Cyberoam –L2TP VPN Setup

Created on Version 10.01.0286

This document outlines the steps to:

Enable L2TP

Set Encryption and Authentication Settings

Grant Users Logon access via L2TP

This document assumes:

You are using the User Database Local to the Cyberoam

You have at least version 10.01.0286

Active Directory Notes:

If you are using Active Directory Integration, this document assumes that you have selected PAP authentication

If you want to authenticate using MS-CHAPv2 against Active Directory you must use RADIUS + IAS/NAP

Step 1 – Enable L2TP

1. Go to VPN—L2TP, Click the “Configuration” TAB

Under General Configuration choose the local address to be used by L2TP

2. Choose the range to assign to L2TP users

Do not specify the same IP address range in L2TP configuration and PPTP configuration.

3. Specify the DNS Servers to be used.

4. Click “Apply”

5. Click the “Connection” TAB and then click “Add”

6. Fill out:

Name: <choose name for connection>

Policy: Default L2TP

Action on VPN Restart: <action when the VPN service or Cyberoam restarts>

Authentication Type: Preshared Key

Preshared Key: <enter a secret preshared key>

Local WAN Port: <choose the WAN port used for L2TP access>

Remote Network Details: Tick On “Allow NAT Traversal”

Remote LAN Network: “Any”


7. Click “OK”

8. Activate the Connection by clicking on “Active” Light
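The warning in step 2 about not reusing the PPTP range can be checked before the ranges are entered in the GUI. The following is an added example, not part of the original document or of Cyberoam's tooling; the pool values are constructed, and the extra check that the L2TP local address does not sit inside a leased pool is an assumption that goes beyond what the document states.

```python
import ipaddress

# Constructed sample values (not from the original document).
SAMPLE_POOLS = {"L2TP": "10.10.10.10-10.10.10.50",
                "PPTP": "10.10.10.40-10.10.10.80"}
SAMPLE_RESERVED = {"L2TP local address": "10.10.10.10"}


def parse_range(text):
    """Parse an inclusive 'start-end' range into two IPv4Address objects."""
    start_s, end_s = (part.strip() for part in text.split("-", 1))
    start, end = ipaddress.IPv4Address(start_s), ipaddress.IPv4Address(end_s)
    if start > end:
        raise ValueError(f"range start is above range end: {text!r}")
    return start, end


def overlap(range_a, range_b):
    """Return the shared (start, end) span of two inclusive ranges, or None."""
    lo, hi = max(range_a[0], range_b[0]), min(range_a[1], range_b[1])
    return (lo, hi) if lo <= hi else None


def check_pools(pools, reserved=None):
    """Return findings for overlapping pools and reserved addresses in a pool.

    pools:    name -> 'start-end' lease range
    reserved: label -> single address that must not be leased (assumption)
    """
    parsed = {name: parse_range(rng) for name, rng in pools.items()}
    names = sorted(parsed)
    findings = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            shared = overlap(parsed[a], parsed[b])
            if shared:
                findings.append(f"{a} and {b} overlap on {shared[0]}-{shared[1]}")
    for label, addr in (reserved or {}).items():
        ip = ipaddress.IPv4Address(addr)
        for name in names:
            if parsed[name][0] <= ip <= parsed[name][1]:
                findings.append(f"{label} {ip} falls inside the {name} pool")
    return findings


if __name__ == "__main__":
    for finding in check_pools(SAMPLE_POOLS, SAMPLE_RESERVED) or ["no conflicts"]:
        print(finding)
```

An empty result means the ranges can be entered as planned; any finding names the exact address span to move.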

Step 2 – Set Encryption and Authentication Methods

1. Login to the CLI Console:

By clicking Console in the top right corner

OR

logging in via Telnet or SSH

Choose Option # 4

2. You can use the following syntax to set the encryption and authentication:

Console> set vpn l2tp authentication [ ANY | CHAP | MS_CHAPv2 | PAP]

3. You can review the settings with the following command:

Console> show vpn configuration

Step 3 – Grant Users Logon access via L2TP

There are a few places to grant access to users:

4. Go to IDENTITY--USERS and click the user you would like to grant L2TP access. Choose “Enable L2TP”.

5. Go to IDENTITY--GROUPS and click the group you would like to grant L2TP access. Choose “Enable L2TP”.

6. Go to VPN—L2TP and click “Add Member(s)” and choose the ‘groups’ or ‘users’, then click Apply.


Review Users/Groups with L2TP access:

Go to VPN—L2TP and click “Show L2TP Members” and Choose the ‘groups’ or ‘users’.

Diagnostics and Logging:

1. In CLI - Console> Cyberoam diagnostics show syslog

2. In GUI - Go to LOGS & REPORTS—LOG VIEWER

Choose View logs for “Authentication”


L2TP – Apple MAC OSX

Step 1 - Go to Network Configuration

Go to System Preferences and under Internet & Network choose “Network”

Step 2 – Create VPN Connection

1. Click the “+” to add a new connection

2. Choose

Interface: VPN

VPN Type: L2TP over IPSEC

Server Name: <enter a name for the connection>

3. Click Create


Step 3 – Setup VPN Connection

1. For the L2TP VPN connection, enter in:

Server Address: <IP or DNS of the L2TP Server>

Account Name: <L2TP username>

2. Click Authentication Settings

Step 4 – Set Password

MAC OSX supports MS-CHAPv2 and CHAP Authentication and Encryption. PAP may be unsupported; this needs to be checked.

1. Enter the L2TP password

2. Enter the Preshared Key as the Shared Secret

3. Click “OK”


4. Click Apply

Step 5 – Connect

Click “Connect”


L2TP – Windows 7

Create a New L2TP VPN Connection

Click Start, type “vpn” and choose “set up a new connection or network”

Choose “Connect to a workplace”

Choose “No, create a new connection” and click “Next”


Choose “Use my Internet connection (VPN)”

Enter in:

Internet Address: <L2TP server Address IP or DNS>

Destination Name: <name to call the L2TP connection>

Click “Next”

Enter in:

Username: <your l2tp username>

Password: <your l2tp password>

Click “Connect”


At this point you will need to click “Skip”

Then you may have to manually edit the properties of the VPN connection

Right click the connection and choose “Properties”

Go to the “Security” Tab

And set the VPN type to “Layer 2 Tunneling Protocol with IPSEC (L2TP/IPSEC)”.

Click “Advanced Settings” and enter in the Preshared Key, Click “OK”.

Other options will depend on your L2TP server settings.


Choose Full tunnel or split tunnel routing

Right click the connection and choose “Properties”

Go to the “Networking” Tab

Choose “Internet Protocol Version 4 (TCP/IP v4)” and click Properties

Click “Advanced”.

And adjust the setting “Use default gateway on remote network”

On – all traffic will be routed over the VPN (you will web browse via the remote network)

Off – only VPN specific traffic will route via the VPN (you will web browse locally)

Click “OK” – 3 times