ZyXEL Communications 3.1 User Manual

Chapter 19 L2TP VPN
ZyWALL (ZLD) CLI Reference Guide
• Enable the connection.   
19.5.4  Configuring the Policy Route for L2TP Example
The following commands configure and display the policy route for the L2TP VPN connection entry.
• Set the policy route’s Source Address to the address object that you want to allow the remote users to access (LAN_SUBNET in this example).
• Set the Destination Address to the IP address pool that the ZyWALL assigns to the remote users (L2TP_POOL in this example).
• Set the next hop to be the Default_L2TP_VPN_Connection tunnel.
• Enable the policy route.
Router(config)# l2tp-over-ipsec crypto Default_L2TP_VPN_Connection
Router(config)# l2tp-over-ipsec pool L2TP_POOL
Router(config)# l2tp-over-ipsec authentication default
Router(config)# l2tp-over-ipsec user L2TP-test
Router(config)# l2tp-over-ipsec activate
Router(config)# show l2tp-over-ipsec
L2TP over IPSec:
  activate          : yes
  crypto            : Default_L2TP_VPN_Connection
  address pool      : L2TP_POOL
  authentication    : default
  user              : L2TP-test
  keepalive timer   : 60
  first dns server  : aux 1st-dns
  second dns server : aux 1st-dns
  first wins server :
  second wins server:
Router(config)# policy 3
Router(policy-route)# source LAN_SUBNET
Router(policy-route)# destination L2TP_POOL
Router(policy-route)# service any
Router(policy-route)# next-hop tunnel Default_L2TP_VPN_Connection
Router(policy-route)# no deactivate
Router(policy-route)# exit
Router(config)# show policy-route 3
index: 3
  active: yes
  description: WIZ_VPN
  user: any
  schedule: none
  interface: ge1
  tunnel: none
  sslvpn: none
  source: PC_SUBNET
  destination: L2TP_POOL
  service: any
  nexthop type: Tunnel
  nexthop: Default_L2TP_VPN_Connection
  bandwidth: 0
  bandwidth priority: 0
  maximize bandwidth usage: no
  SNAT: none
  amount of port trigger: 0
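
The policy route's source object decides which local addresses can exchange traffic with the L2TP users, so it is worth checking that the displayed route matches the commands that were entered. The Python below is an added example, not part of the ZyXEL manual: it compares the policy-route commands in a captured session with the fields printed by show policy-route. The mapping from commands to display fields is an assumption read off this example. Run on the session shown above, it reports that the commands set source LAN_SUBNET while the display lists PC_SUBNET.

```python
import re

# Session excerpt copied from the example above (wrapped prompt line repaired).
TRANSCRIPT = """\
Router(config)# policy 3
Router(policy-route)# source LAN_SUBNET
Router(policy-route)# destination L2TP_POOL
Router(policy-route)# next-hop tunnel Default_L2TP_VPN_Connection
Router(policy-route)# no deactivate
Router(config)# show policy-route 3
  active: yes
  source: PC_SUBNET
  destination: L2TP_POOL
  nexthop type: Tunnel
  nexthop: Default_L2TP_VPN_Connection
"""

PROMPT = re.compile(r"^Router\(([\w-]+)\)#\s*(.*)$")

def intended(transcript):
    """Settings implied by the policy-route commands (mapping assumed from this example)."""
    want = {}
    for line in transcript.splitlines():
        m = PROMPT.match(line)
        if not m or m.group(1) != "policy-route":
            continue  # only commands typed in policy-route sub-mode count
        words = m.group(2).split()
        if len(words) == 2 and words[0] in ("source", "destination", "service"):
            want[words[0]] = words[1]
        elif len(words) == 3 and words[:2] == ["next-hop", "tunnel"]:
            want["nexthop type"], want["nexthop"] = "Tunnel", words[2]
        elif words == ["no", "deactivate"]:
            want["active"] = "yes"
    return want

def displayed(transcript):
    """Fields printed after the last 'show policy-route' command."""
    _, _, output = transcript.rpartition("show policy-route")
    pairs = (l.split(":", 1) for l in output.splitlines() if ":" in l and not PROMPT.match(l))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(transcript):
    """Return {field: (configured, displayed)} for every field that differs."""
    want, got = intended(transcript), displayed(transcript)
    return {k: (v, got.get(k)) for k, v in want.items() if got.get(k) != v}

if __name__ == "__main__":
    for field, (cfg, shown) in audit(TRANSCRIPT).items():
        print(f"MISMATCH {field}: configured {cfg!r}, displayed {shown!r}")
```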