User Manual for ZyXEL Communications ZLD
Chapter 19 L2TP VPN
ZyWALL (ZLD) CLI Reference Guide
19.5 L2TP VPN Example
This example uses the following settings in creating a basic L2TP VPN tunnel. See the Web
Configurator User’s Guide for how to configure L2TP in remote user computers using Windows XP
and Windows 2000.
Figure 23 L2TP VPN Example
• The ZyWALL has a static IP address of 172.23.37.205 for the ge3 interface.
• The remote user has a dynamic public IP address and connects through the Internet.
Table 80 L2TP VPN Commands

COMMAND
    DESCRIPTION

certificate cert_name
    Select the certificate to use to identify the ZyWALL for L2TP VPN connections. The certificate is used with the EAP, PEAP, and MSCHAPv2 authentication protocols. The certificate must already be configured.

[no] l2tp-over-ipsec user user_name
    Specifies the user or user group that can use the L2TP VPN tunnel. If you do not configure this, any user with a valid account and password on the ZyWALL can log in. The no command removes the user name setting.

[no] l2tp-over-ipsec keepalive-timer <1..180>
    The ZyWALL sends a Hello message after waiting this long without receiving any traffic from the remote user. The ZyWALL disconnects the VPN tunnel if the remote user does not respond. The no command returns the default setting.

[no] l2tp-over-ipsec first-dns-server {ip | interface_name} {1st-dns|2nd-dns|3rd-dns}| {ppp_interface|aux}{1st-dns|2nd-dns}}
    Specifies the first DNS server IP address to assign to the remote users. You can specify a static IP address, or a DNS server that an interface received from its DHCP server. The no command removes the setting.

[no] l2tp-over-ipsec second-dns-server {ip | interface_name} {1st-dns|2nd-dns|3rd-dns}| {ppp_interface|aux}{1st-dns|2nd-dns}}
    Specifies the second DNS server IP address to assign to the remote users. You can specify a static IP address, or a DNS server that an interface received from its DHCP server. The no command removes the setting.

[no] l2tp-over-ipsec first-wins-server ip
    Specifies the first WINS server IP address to assign to the remote users. The no command removes the setting.

[no] l2tp-over-ipsec second-wins-server ip
    Specifies the second WINS server IP address to assign to the remote users. The no command removes the setting.

no l2tp-over-ipsec session tunnel-id <0..65535>
    Deletes the specified L2TP VPN tunnel.

show l2tp-over-ipsec
    Displays the L2TP VPN settings.

show l2tp-over-ipsec session
    Displays current L2TP VPN sessions.
Figure 23 labels: LAN_SUBNET: 192.168.1.1/24; ZyWALL ge3: 172.23.37.205; L2TP_POOL: 192.168.10.10~192.168.10.20
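An added example, not from the ZyXEL guide: a Python check that applies l2tp-over-ipsec lines in order, flags values outside the Table 80 syntax, and reports when no user restriction remains in effect. It assumes the configuration is available as plain text made of these CLI lines; the user name and addresses in SAMPLE are constructed.

```python
import ipaddress

DNS_SLOTS = {"1st-dns", "2nd-dns", "3rd-dns"}

def is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False

def check_args(key, args):  # error string if args break the Table 80 syntax, else None
    one = args[0] if len(args) == 1 else ""
    if key == "keepalive-timer":
        return None if one.isdigit() and 1 <= int(one) <= 180 else "must be in <1..180>"
    if key.endswith("-wins-server"):
        return None if is_ipv4(one) else "expects one IP address"
    if key.endswith("-dns-server"):
        learned = len(args) == 2 and args[1] in DNS_SLOTS  # interface + DNS slot
        return None if is_ipv4(one) or learned else "expects ip or interface plus slot"
    return None  # other commands are not judged here

def audit(config_text):
    """Apply lines in order; return findings (assumes plain-text CLI lines)."""
    findings, active = [], {}
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        words = raw.split()
        negated = words[:1] == ["no"]
        words = words[1:] if negated else words
        if len(words) < 2 or words[0] != "l2tp-over-ipsec":
            continue
        key, args = words[1], words[2:]
        if negated:
            active.pop(key, None)  # the no form removes or resets the setting
            continue
        error = check_args(key, args)
        if error:
            findings.append(f"line {lineno}: {key}: {error}")
        else:
            active[key] = args
    if not active.get("user"):
        findings.append("no user restriction: any valid ZyWALL account can log in")
    return findings

# Constructed sample: names and addresses are illustrative, not from the guide.
SAMPLE = """l2tp-over-ipsec user L2TP-test
l2tp-over-ipsec keepalive-timer 300
l2tp-over-ipsec first-wins-server 192.168.1.300
no l2tp-over-ipsec user L2TP-test"""
```

Calling `audit(SAMPLE)` returns three findings: the out-of-range keepalive value, the malformed WINS address, and the user restriction removed by the final `no` line.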