
Created on 04-08-2009 03:06 AM Edited on 07-06-2022 08:18 AM
Article Id
195367
Description
One option for creating a virtual private network (VPN) connection using a FortiGate unit is L2TP. This article describes the steps required to set up a Layer 2 Tunneling Protocol (L2TP) VPN using FortiOS firmware version 4.00 MR2 or MR3.
Scope
Layer 2 Tunneling Protocol (L2TP) VPN configuration using:
FortiOS firmware version 4.00 MR2
FortiOS firmware version 4.00 MR3
Solution
Use the following CLI commands to configure a Layer 2 Tunneling Protocol (L2TP) VPN with FortiOS version 4.00 MR2 or MR3. Configuring L2TP using the web-based manager is not supported.
config vpn l2tp
set status enable
set sip 10.11.12.100
set eip 10.11.12.200
set usrgrp l2tpgrp
end
For the commands above, you must first set up a user group. To do this, go to User > User Group.
New User
User Group
Create an address object for the L2TP range as below:
config firewall address
edit "l2tp_range"
set type iprange
set end-ip 10.11.12.200
set start-ip 10.11.12.100
next
end

Then configure the firewall policy as below:
config firewall policy
edit 1
set srcintf "wan1"
set dstintf "internal"
set srcaddr "l2tp_range"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
next
end
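
A consistency check over the three blocks above, as an added example that is not part of the original article or of Fortinet's tooling: it parses flat FortiOS config text, confirms that the address object used as the policy source matches the L2TP pool (sip/eip), and flags accept policies that let that pool reach dstaddr "all" or service "ANY". The function names and finding labels are assumptions made for this example, the parser assumes un-nested config/edit/set blocks, and the sample text is constructed from the article's own commands.

```python
from ipaddress import ip_address as ip
import re
# Constructed sample: this article's three config blocks, condensed into one text.
SAMPLE = "\n".join([
    'config vpn l2tp', 'set status enable', 'set sip 10.11.12.100', 'set eip 10.11.12.200',
    'set usrgrp l2tpgrp', 'end', 'config firewall address', 'edit "l2tp_range"',
    'set type iprange', 'set end-ip 10.11.12.200', 'set start-ip 10.11.12.100', 'next', 'end',
    'config firewall policy', 'edit 1', 'set srcintf "wan1"', 'set dstintf "internal"',
    'set srcaddr "l2tp_range"', 'set dstaddr "all"', 'set action accept',
    'set schedule "always"', 'set service "ANY"', 'next', 'end',
])

def parse(text):
    """Parse flat config/edit/set blocks into {section: {entry: {key: value}}}."""
    cfg, section, entry = {}, None, ""
    for raw in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', raw)]
        head = tok[0] if tok else ""
        if head == "config":
            section, entry = " ".join(tok[1:]), ""
            cfg.setdefault(section, {})
        elif head == "edit":
            entry = tok[1]
        elif head == "set" and section:
            cfg[section].setdefault(entry, {})[tok[1]] = " ".join(tok[2:])
        elif head == "end":
            section = None
    return cfg

def audit(text):
    """Return (policy id, finding) pairs for accept policies sourced from the L2TP pool."""
    cfg = parse(text)
    l2tp = cfg.get("vpn l2tp", {}).get("", {})
    if l2tp.get("status") != "enable":
        return []
    pool = (ip(l2tp["sip"]), ip(l2tp["eip"]))
    addrs, findings = cfg.get("firewall address", {}), []
    for pid, pol in cfg.get("firewall policy", {}).items():
        obj = addrs.get(pol.get("srcaddr"), {})
        if obj.get("type") != "iprange" or pol.get("action") != "accept":
            continue
        rng = (ip(obj["start-ip"]), ip(obj["end-ip"]))
        if rng[0] > pool[1] or pool[0] > rng[1]:
            continue  # source range does not overlap the L2TP pool
        findings += [(pid, name) for name, hit in (
            ("range-mismatch", rng != pool),  # policy source differs from sip..eip
            ("dstaddr-all", pol.get("dstaddr") == "all"),
            ("service-any", pol.get("service", "").upper() == "ANY")) if hit]
    return findings
```

An empty list from `audit()` means the policy source matches the pool exactly and the policy names specific destinations and services.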

Then configure the built-in Microsoft client as below:
Step 1:

Step 2:

Step 3:

Step 4:

Step 5:

Step 6:

Step 7:

Step 8:

Final step to connect L2TP VPN

To check the logs, run the following debug commands on the FortiGate unit:
diag debug reset
diag debug disable
diag debug appl l2tp -1
diag debug enable