
L2tp/pptp server advanced settings – Amer Networks E5Web GUI User Manual


Action: Allow

Service: all_services

Source Interface: l2tp_tunnel

Source Network: l2tp_pool

Destination Interface: any

Destination Network: all-nets

4. Click OK

5. Go to: Policies > Add > IPRule

6. Enter a name for the rule, for example NATL2TP

7. Now enter:

Action: NAT

Service: all_services

Source Interface: l2tp_tunnel

Source Network: l2tp_pool

Destination Interface: any

Destination Network: all-nets

8. Click OK

IPsec Tunnels with Transport Mode for L2TP

The encapsulation mode of the IPsec tunnel in the example above is set to Transport. With
transport mode, the following recommendations should be followed:

The AddRouteToRemoteNet setting should be disabled. It could be enabled if the administrator
has an in-depth understanding of what this setting does with transport mode.

If AddRouteToRemoteNet is enabled with transport mode and the OuterPBRTable is set to
the same routing table as the RoutingTable, cOS Core will give a warning message and
disable AddRouteToRemoteNet automatically.

The reason for this is that if it is allowed, IKE/ESP traffic will be routed into its own tunnel after
tunnel establishment. This means that a traffic loop will be created so that no ESP/IKE packets
will get sent to the tunnel's remote endpoint.
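
The loop described above can be reproduced with a small longest-prefix-match routing model. This is an added example, not cOS Core code or part of the manual; the peer address 203.0.113.10, the interface names wan and ipsec_tunnel, and the assumption that the transport-mode remote network is the peer's own address are constructed for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: interface of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, iface) for net, iface in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def outer_interface(peer, tunnel_if, add_route, shared_table):
    """Interface picked for the tunnel's own IKE/ESP packets to the peer.

    add_route    models AddRouteToRemoteNet being enabled.
    shared_table models OuterPBRTable being the same table as RoutingTable.
    """
    # Table used for traffic entering the tunnel (RoutingTable in the manual).
    main = [(ipaddress.ip_network("0.0.0.0/0"), "wan")]
    # Table used to route the outer IKE/ESP packets (OuterPBRTable).
    # Same object when shared, an independent copy otherwise.
    outer = main if shared_table else list(main)
    if add_route:
        # Assumption: in transport mode the remote network is the peer host
        # itself, so the route added at tunnel establishment is a /32 for it.
        main.append((ipaddress.ip_network(peer + "/32"), tunnel_if))
    return lookup(outer, peer)

def creates_loop(peer, tunnel_if, add_route, shared_table):
    """True when ESP/IKE packets would be routed back into their own tunnel."""
    return outer_interface(peer, tunnel_if, add_route, shared_table) == tunnel_if

if __name__ == "__main__":
    peer, tun = "203.0.113.10", "ipsec_tunnel"  # constructed sample values
    for add_route in (False, True):
        for shared in (False, True):
            out = outer_interface(peer, tun, add_route, shared)
            state = "LOOP" if out == tun else "ok"
            print(f"AddRouteToRemoteNet={add_route!s:5} "
                  f"shared_table={shared!s:5} outer via {out:12} {state}")
```

Only the combination of the added route and a shared table sends the outer packets to the tunnel interface, which is the case cOS Core refuses by disabling AddRouteToRemoteNet.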

9.5.3. L2TP/PPTP Server Advanced Settings

The following L2TP/PPTP server advanced settings are available to the administrator:

L2TP Before Rules
