Fortinet FortiGate 4000 Benutzerhandbuch
PPTP and L2TP VPN
Configuring L2TP
FortiGate-4000 Installation and Configuration Guide
267
2
Select the policy list that you want to add the policy to (usually, External->Internal).
3
Select New to add a policy.
4
Set Source to the group that matches the L2TP address range.
5
Set Destination to the address to which L2TP users can connect.
6
Set Service to match the traffic type inside the L2TP VPN tunnel.
For example, if L2TP users can access a web server, select HTTP.
For example, if L2TP users can access a web server, select HTTP.
7
Set Action to ACCEPT.
8
Select NAT if address translation is required.
You can also configure traffic shaping, logging, and antivirus and web filter settings for
L2TP policies.
You can also configure traffic shaping, logging, and antivirus and web filter settings for
L2TP policies.
9
Select OK to save the firewall policy.
Configuring a Windows 2000 client for L2TP
Use the following procedure to configure a client computer running Windows 2000 so
that it can connect to a FortiGate L2TP VPN.
that it can connect to a FortiGate L2TP VPN.
To configure an L2TP dialup connection
1
Go to Start > Settings > Network and Dial-up Connections.
2
Double-click Make New Connection to start the Network Connection Wizard and
select Next.
select Next.
3
For Network Connection Type, select Connect to a private network through the
Internet and select Next.
Internet and select Next.
4
For Destination Address, enter the address of the FortiGate unit to connect to and
select Next.
select Next.
5
Set Connection Availability to Only for myself and select Next.
6
Select Finish.
7
In the Connect window, select Properties.
8
Select the Security tab.
9
Make sure that Require data encryption is selected.
10
Select the Networking tab.
11
Set VPN server type to Layer-2 Tunneling Protocol (L2TP).
12
Save the changes and continue with the following procedure.
To disable IPSec
1
Select the Networking tab.
2
Select Internet Protocol (TCP/IP) properties.
3
Double-click the Advanced tab.
Note: If a RADIUS server is used for authentication do not select Require data encryption.
L2TP encryption is not supported for RADIUS server authentication.
L2TP encryption is not supported for RADIUS server authentication.