ZyXEL Communications 3.1 User's Manual

 Chapter 19 L2TP VPN
ZyWALL (ZLD) CLI Reference Guide
• You configure an IP address pool object named L2TP_POOL to assign the remote users IP addresses from 192.168.10.10 to 192.168.10.20 for use in the L2TP VPN tunnel.
• The VPN rule allows the remote user to access the LAN_SUBNET which covers the 192.168.1.1/24 subnet.
19.5.1  Configuring the Default L2TP VPN Gateway Example
The following commands configure the Default_L2TP_VPN_GW entry.
• Configure the My Address setting. This example uses interface ge3 with static IP address 172.23.37.205.
• Configure the Pre-Shared Key. This example uses “top-secret”.
Router(config)# isakmp policy Default_L2TP_VPN_GW
Router(config-isakmp Default_L2TP_VPN_GW)# local-ip interface ge3
Router(config-isakmp Default_L2TP_VPN_GW)# authentication pre-share
Router(config-isakmp Default_L2TP_VPN_GW)# keystring top-secret
Router(config-isakmp Default_L2TP_VPN_GW)# activate
Router(config-isakmp Default_L2TP_VPN_GW)# exit
Router(config)#
19.5.2  Configuring the Default L2TP VPN Connection Example
The following commands configure the Default_L2TP_VPN_Connection entry.
Enforce and configure the local and remote policies.
• For the Local Policy, create an address object that uses host type and contains the My Address IP address that you configured in the Default_L2TP_VPN_GW. The address object in this example uses IP address 172.23.37.205 and is named L2TP_IFACE.
• For the Remote Policy, create an address object that uses host type and an IP address of 0.0.0.0. It is named L2TP_HOST in this example.
Router(config)# crypto map Default_L2TP_VPN_Connection
Router(config-crypto Default_L2TP_VPN_Connection)# policy-enforcement
Router(config-crypto Default_L2TP_VPN_Connection)# local-policy L2TP_IFACE
Router(config-crypto Default_L2TP_VPN_Connection)# remote-policy L2TP_HOST
Router(config-crypto Default_L2TP_VPN_Connection)# activate
Router(config-crypto Default_L2TP_VPN_Connection)# exit
Router(config)#
19.5.3  Configuring the L2TP VPN Settings Example
The following commands configure and display the L2TP VPN settings.
• Set it to use the Default_L2TP_VPN_Connection VPN connection.
• Configure an IP address pool for the range of 192.168.10.10 to 192.168.10.20. In this example it is already created and called L2TP_POOL.
• This example uses the default authentication method (the ZyWALL’s local user database).
• Select a user or group of users that can use the tunnel. Here a user account named L2TP-test has been created.
• The other settings are left to the defaults in this example.
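As an added example (not part of the ZyXEL guide), the Python script below parses the isakmp policy and crypto map command listings from this page and checks that each entry carries the commands the listings use and that the pre-shared key meets a length and complexity policy. The 16-character, three-character-class policy and the REQUIRED command lists are assumptions chosen for illustration, and the transcript is embedded as constructed input copied from the listings.

```python
import re

# Constructed input: the isakmp policy and crypto map listings from this page.
TRANSCRIPT = """\
Router(config)# isakmp policy Default_L2TP_VPN_GW
Router(config-isakmp Default_L2TP_VPN_GW)# local-ip interface ge3
Router(config-isakmp Default_L2TP_VPN_GW)# authentication pre-share
Router(config-isakmp Default_L2TP_VPN_GW)# keystring top-secret
Router(config-isakmp Default_L2TP_VPN_GW)# activate
Router(config-isakmp Default_L2TP_VPN_GW)# exit
Router(config)# crypto map Default_L2TP_VPN_Connection
Router(config-crypto Default_L2TP_VPN_Connection)# policy-enforcement
Router(config-crypto Default_L2TP_VPN_Connection)# local-policy L2TP_IFACE
Router(config-crypto Default_L2TP_VPN_Connection)# remote-policy L2TP_HOST
Router(config-crypto Default_L2TP_VPN_Connection)# activate
Router(config-crypto Default_L2TP_VPN_Connection)# exit
"""
PROMPT = re.compile(r"^Router\(config(?:-(\w+) ([^)\s]+))?\)#\s*(.*)$")
# Assumption: the commands shown in the page's listings are treated as required.
REQUIRED = {"isakmp": ["local-ip", "authentication", "keystring", "activate"],
            "crypto": ["policy-enforcement", "local-policy", "remote-policy", "activate"]}

def parse(transcript):
    """Group commands by the sub-mode prompt (mode, entry name) they were typed at."""
    blocks = {}
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if m and m.group(1) and m.group(3):
            blocks.setdefault((m.group(1), m.group(2)), []).append(m.group(3).strip())
    return blocks

def weak_psk(key, min_len):
    """Assumed local policy: at least min_len characters from 3+ character classes."""
    classes = sum(bool(re.search(p, key)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z\d]"))
    return len(key) < min_len or classes < 3

def audit(blocks, min_psk_len=16):
    """Return findings; the key itself is never echoed into the report."""
    findings = []
    for (mode, name), cmds in blocks.items():
        has = lambda p: any(c == p or c.startswith(p + " ") for c in cmds)
        findings += [f"{name}: missing '{r}'" for r in REQUIRED.get(mode, []) if not has(r)]
        for c in cmds:
            if c.startswith("keystring ") and weak_psk(c.split(None, 1)[1], min_psk_len):
                findings.append(f"{name}: pre-shared key fails length/complexity policy")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse(TRANSCRIPT))) or "no findings")
```

Run against the listings as printed, the only finding is the placeholder pre-shared key, which is the value to replace before the gateway entry is activated on a production device.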