Fortinet FortiGate 4000 Benutzerhandbuch

Select the policy list that you want to add the policy to (usually, External->Internal).

Select New to add a policy.

Set Source to the group that matches the L2TP address range.

Set Destination to the address to which L2TP users can connect.

Set Service to match the traffic type inside the L2TP VPN tunnel. 
For example, if L2TP users can access a web server, select HTTP.

Set Action to ACCEPT.

Select NAT if address translation is required.
You can also configure traffic shaping, logging, and antivirus and web filter settings for 
L2TP policies.

Select OK to save the firewall policy.

Use the following procedure to configure a client computer running Windows 2000 so 
that it can connect to a FortiGate L2TP VPN.

Go to Start > Settings > Network and Dial-up Connections.

Double-click Make New Connection to start the Network Connection Wizard and 
select Next.

For Network Connection Type, select Connect to a private network through the 
Internet and select Next.

For Destination Address, enter the address of the FortiGate unit to connect to and 
select Next.

Set Connection Availability to Only for myself and select Next.

Select Finish.

In the Connect window, select Properties.

Select the Security tab.

Make sure that Require data encryption is selected.

Select the Networking tab.

Set VPN server type to Layer-2 Tunneling Protocol (L2TP).

Save the changes and continue with the following procedure.

Select the Networking tab.

Select Internet Protocol (TCP/IP) properties.

Double-click the Advanced tab.

Note: If a RADIUS server is used for authentication do not select Require data encryption. 
L2TP encryption is not supported for RADIUS server authentication.