beautypg.com

Configuring a windows 2000 client for l2tp – Fortinet FortiGate 4000 User Manual

Page 267

background image

PPTP and L2TP VPN

Configuring L2TP

FortiGate-4000 Installation and Configuration Guide

267

2

Select the policy list that you want to add the policy to (usually, External->Internal).

3

Select New to add a policy.

4

Set Source to the group that matches the L2TP address range.

5

Set Destination to the address to which L2TP users can connect.

6

Set Service to match the traffic type inside the L2TP VPN tunnel.
For example, if L2TP users can access a web server, select HTTP.

7

Set Action to ACCEPT.

8

Select NAT if address translation is required.
You can also configure traffic shaping, logging, and antivirus and web filter settings for
L2TP policies.

9

Select OK to save the firewall policy.

Configuring a Windows 2000 client for L2TP

Use the following procedure to configure a client computer running Windows 2000 so
that it can connect to a FortiGate L2TP VPN.

To configure an L2TP dialup connection

1

Go to Start > Settings > Network and Dial-up Connections.

2

Double-click Make New Connection to start the Network Connection Wizard and
select Next.

3

For Network Connection Type, select Connect to a private network through the
Internet and select Next.

4

For Destination Address, enter the address of the FortiGate unit to connect to and
select Next.

5

Set Connection Availability to Only for myself and select Next.

6

Select Finish.

7

In the Connect window, select Properties.

8

Select the Security tab.

9

Make sure that Require data encryption is selected.

10

Select the Networking tab.

11

Set VPN server type to Layer-2 Tunneling Protocol (L2TP).

12

Save the changes and continue with the following procedure.

To disable IPSec

1

Select the Networking tab.

2

Select Internet Protocol (TCP/IP) properties.

3

Double-click the Advanced tab.

Note: If a RADIUS server is used for authentication do not select Require data encryption.
L2TP encryption is not supported for RADIUS server authentication.