Overview


The combination of Layer-2 Tunneling Protocol and Internet Protocol Security (L2TP/IPsec) creates a highly-secure technology that enables VPN connections across public networks such as the Internet. L2TP/IPsec provides a logical transport mechanism on which to transmit PPP frames, tunneling, or encapsulation, so that the PPP frames can be sent across an IP network. L2TP/IPsec relies on the PPP connection process to perform user authentication and protocol configuration. With L2TP/IPsec.


You can set the Pre-Shared Key or X.509 certificates for Authentication and safe access.


PSK: The pre-shared key or PSK is a shared secret key which is shared between the two parties for using the secure network channel. You need to share this key with the remote network user. If you select this option, you need to enter a Pre shared key.


X.509 Certificate: An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure standard to verify that a public key belongs to a user, using the identity contained within the certificate. If you select this option, you need to select the certificate.


Scenario


In below Scenario we are going to configure L2TP/IPsec VPN between Seqrite UTM placed as a Head Office and Remote Client as a connecting from outside network.



Step 1: To create a New L2TP/IPsec connection, go to VPN > IPsec > Remote Access



Step 2: Enable the VPN Server Status for creating VPN connection.



Live logs


Live logs provides us with the feature to monitor the current connection status. Live logs are shown in a separate pop-up session. You can also scroll down, export the logs to a XLS file if required.


Step 3: Configuring a Remote Site IPsec VPN connection between Head office and Remote client.


A. Head Office UTM Configuration: 

 

Parameter

Value 

Description 

Server Name

Seqrite

Name to identify the IPsec Connection.

Server IP

1.22.124.221

Select your Public IP.
This is a WAN interfaces that you have configured in the Interface section.

Virtual IP Pool starts with*

192.168.1.250

Enter the Virtual IP Pool range of IP addresses that will be assigned to the Remote users for accessing the private network. Enter the Local LAN Network address.

Virtual IP Pool ends with*

192.168.1.254

Authentication Type : PSK 

admin@123

The PSK or Pr-Shared Key is a shared secret key.
Note: You need to share this key with the remote network user.

Users

Username : vpnuser
Pass : user@123

Add the details of the users who are authorized to access the remote network.


Fill the parameters as show below :



To create a new User click on Add (+) under the users section and enter the user credentials into it.


Click on Apply to create the connection.


B. Remote client configuration:



Step 1: To create a new L2TP/IPsec Remote connection, go to Windows Settings > Network & Internet > VPN > Add a VPN Connection.


Step 2: Fill-up the parameter as shown below and Click on Save to create the connection.


 


Step 3: Click on the Connect button for establishing VPN.



Step 4: VPN is Successfully Connected as shown below.



Step 5: Verification of Connection establishment in UTM


Once the VPN is established successfully, VPN server will assign the Virtual pool IP and shows the user current state as Active.



Note:  As per the above settings, similar way we can configured the L2TP/IPsec Remote VPN on Mobile as well.


For assistance please write us @ UTMSupport@Seqrite.com