ZyXEL Communications 3.1 User Manual

ZyWALL (ZLD) CLI Reference Guide
CHAPTER 19
L2TP VPN
This chapter explains how to set up and maintain L2TP VPNs in the ZyWALL. 
19.1  L2TP VPN Overview
L2TP VPN lets remote users use the L2TP and IPSec client software included with their computers’ 
operating systems to securely connect to the network behind the ZyWALL. The remote users do not 
need their own IPSec gateways or VPN client software. 
Figure 21   L2TP VPN Overview
The Layer 2 Tunneling Protocol (L2TP) works at layer 2 (the data link layer) to tunnel network traffic 
between two peers over another network (like the Internet). In L2TP VPN, an IPSec VPN tunnel is 
established first (see 
 for information on IPSec) and then an L2TP tunnel is 
built inside it. 
Note: At the time of writing, the L2TP remote user must have a public IP address in order 
for L2TP VPN to work (the remote user cannot be behind a NAT router or a firewall). 
19.2  IPSec Configuration
You must configure an IPSec VPN connection for L2TP VPN to use (see 
details). The IPSec VPN connection must:
• Be enabled.
• Use transport mode.
• Not be a manual key VPN connection. 
• Use Pre-Shared Key authentication.
• Use a VPN gateway with the Secure Gateway set to 0.0.0.0 if you need to allow L2TP VPN 
clients to connect from more than one IP address.