ZyXEL Communications 3.1 User Manual

 Chapter 19 L2TP VPN
ZyWALL (ZLD) CLI Reference Guide
19.4  L2TP VPN Commands
The following table describes the values required for some L2TP VPN commands. Other values are 
discussed with the corresponding commands.
The following sections list the L2TP VPN commands.
19.4.1  L2TP VPN Commands
This table lists the commands for L2TP VPN. You must use the configure terminal command to enter the configuration mode before you can use these commands.
Table 79   Input Values for L2TP VPN Commands
LABEL
    DESCRIPTION
address_object
    The name of an IP address (group) object. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
interface_name
    The name of the interface.
    Ethernet interface: For the ZyWALL USG 300 and above, use gexx = 1 - N, where N equals the highest numbered Ethernet interface for your ZyWALL model.
    The ZyWALL USG 200 and lower models use a name such as wan1, wan2, opt, lan1, ext-wlan, or dmz.
    VLAN interface: vlanxx = 0 - 4094
    bridge interface: brxx = 0 - N, where N depends on the number of bridge interfaces your ZyWALL model supports.
ppp_interface
    PPPoE/PPTP interface: pppxx = 0 - N, where N depends on the number of PPPoE/PPTP interfaces your ZyWALL model supports.
map_name
    The name of an IPSec SA. You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
user_name
    The name of a user (group). You may use 1-31 alphanumeric characters, underscores (_), or dashes (-), but the first character cannot be a number. This value is case-sensitive.
Table 80   L2TP VPN Commands
COMMAND
    DESCRIPTION
l2tp-over-ipsec recover default-ipsec-policy
    If the default L2TP IPSec policy has been deleted, use this command to recreate it (with the default settings).
[no] l2tp-over-ipsec activate;
    Turns L2TP VPN on. The no command turns it off.
l2tp-over-ipsec crypto map_name
    Specifies the IPSec VPN connection the ZyWALL uses for L2TP VPN. It must meet the requirements listed in .
    Note: Modifying this VPN connection (or the VPN gateway that it uses) disconnects any existing L2TP VPN sessions.
l2tp-over-ipsec pool address-object
    Specifies the address object that defines the pool of IP addresses that the ZyWALL uses to assign to the L2TP VPN clients.
l2tp-over-ipsec authentication aaa authentication profile_name
    Specifies how the ZyWALL authenticates a remote user before allowing access to the L2TP VPN tunnel.
    The authentication method has the ZyWALL check a user’s user name and password against the ZyWALL’s local database, a remote LDAP, RADIUS, or Active Directory server, or more than one of these.
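The following is an added example, not part of the ZyXEL guide: a short Python check that reads a CLI listing, summarises the L2TP VPN settings from Table 80, and flags map_name and address_object values that break the Table 79 naming rule. The function name, the sample listing and the object names in it are constructed for illustration; profile_name is only checked for presence because Table 79 gives no rule for it.

```python
import re

# Table 79 rule for map_name and address_object: 1-31 characters from
# letters, digits, "_" and "-", first character not a digit, case-sensitive.
NAME_RE = re.compile(r"[A-Za-z_-][A-Za-z0-9_-]{0,30}")

# Table 80 commands that take one value -> (summary key, apply NAME_RE?)
VALUE_CMDS = {
    "l2tp-over-ipsec crypto": ("crypto", True),
    "l2tp-over-ipsec pool": ("pool", True),
    # Table 79 gives no rule for profile_name, so only its presence is checked.
    "l2tp-over-ipsec authentication aaa authentication": ("auth_profile", False),
}

def audit(config_text):
    """Return (summary, problems) for the L2TP VPN lines of a CLI listing."""
    summary = {"active": False, "crypto": None, "pool": None, "auth_profile": None}
    problems, in_config_mode = [], False
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip().rstrip(";")  # the manual prints "activate;" with a ";"
        if line == "configure terminal":
            in_config_mode = True
        if "l2tp-over-ipsec" not in line:
            continue
        if not in_config_mode:
            problems.append(f"line {n}: used before 'configure terminal'")
        if line in ("l2tp-over-ipsec activate", "no l2tp-over-ipsec activate"):
            summary["active"] = not line.startswith("no ")
            continue
        if line == "l2tp-over-ipsec recover default-ipsec-policy":
            continue
        for prefix, (key, check_name) in VALUE_CMDS.items():
            if line.startswith(prefix + " "):
                value = line[len(prefix) + 1:].strip()
                if check_name and not NAME_RE.fullmatch(value):
                    problems.append(f"line {n}: invalid {key} name {value!r}")
                summary[key] = value
                break
        else:
            problems.append(f"line {n}: unrecognised L2TP command {line!r}")
    return summary, problems

# Constructed sample listing; the object and profile names are placeholders.
SAMPLE = """\
configure terminal
l2tp-over-ipsec crypto L2TP_Example_Conn
l2tp-over-ipsec pool 9pool
l2tp-over-ipsec authentication aaa authentication example_profile
l2tp-over-ipsec activate
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```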