Sophos L2TP

I'm trying to set up a Windows Server L2TP/IKEv2 VPN behind a Sophos XG210. I've done this successfully in the past using PPTP and FortiGate, so I thought it would be simple. But I can't seem to get the necessary protocol (50) through the Sophos.

Overview

L2TP over IPsec combines the Layer 2 Tunneling Protocol with the IPsec standard. It provides the same functions as PPTP, but gives individual hosts access to your network through an encrypted IPsec tunnel. The structure is described in the following chart.

Configuration guides for remote access via L2TP over IPsec on the Sophos UTM:

  • Remote Access via L2TP over IPsec (UTM 9.6, English), Configuration Guide, 2018-12-10, PDF, 27 pages, 1.52 MB
  • Remote Access via L2TP over IPsec (UTM 9, English), Configuration Guide, 2013-01-11

Windows 10 client configuration (L2TP): on Windows 10 go to Settings > Network & Internet > VPN, click + Add a VPN connection and select Windows (built-in) as the VPN provider.

This article describes how to configure L2TP VPN remote access on a Sophos XG Firewall.

How to configure L2TP VPN remote access

Enable L2TP VPN connections, assign IP addresses and add members

  • Go to VPN > Show VPN Settings.
  • Select the L2TP tab. Complete the following fields under the General Settings and Client Information sections, then click Apply.
    Field / Value
    Enable L2TP: check Enable.
    Assign IP from: enter the IP address range to lease.
    Allow leasing IP address from RADIUS server for L2TP, PPTP, and CISCO VPN client: optional; check this if you want to lease IP addresses through RADIUS.
    Primary DNS Server: select a DNS server from the drop-down list, or specify the DNS server by selecting Other.
    Secondary DNS Server: select a DNS server from the list, or specify the DNS server by selecting Other.
    Primary WINS Server: optional.
    Secondary WINS Server: optional.
  • Click Add Member(s) to add an L2TP member. In this example, the user happy is added as an L2TP member.
  • Click Apply to save the changes.

Create an L2TP policy

  • Go to VPN > L2TP (Remote Access) and click Add to add an L2TP connection.
  • Complete the fields as shown in the following image, then click Save.
  • Click the red icon under the Active column to activate the connection. Once connected it will show up as green.

Create a firewall rule

  • Go to Firewall, click Add Firewall Rule and select User/Network Rule.
  • Configure the rule as shown in the following image.
  • Click Save.
  • Note: It is possible for the remote host to access the internet via the XG Firewall. To do this, create a firewall rule with VPN as the source zone and WAN as the destination zone.

Introduction

You want to create a remote access L2TP connection. To create the L2TP connection, do as follows:

  • Turn on L2TP VPN connections, and specify your settings.
  • Create your L2TP policy.
  • Create a firewall rule to allow inbound VPN traffic.

Create an L2TP connection

  1. Go to VPN > Show VPN settings.
  2. Select the L2TP tab and select Enable L2TP.
  3. Specify the general settings:
    Option / Description
    Assign IP from: enter the IP address range to lease.
    Allow leasing IP address from RADIUS server for L2TP, PPTP, and Sophos Connect client: optional; select this if you want to lease IP addresses through RADIUS.

  4. Specify the client information:
    Option / Description
    Primary DNS server: select a DNS server from the drop-down list, or specify the DNS server by selecting Other and typing the server's address.
    Secondary DNS server: optional; select a DNS server from the drop-down list, or specify the DNS server by selecting Other and typing the server's address.
    Primary WINS server: optional; enter the IP address of your primary WINS server.
    Secondary WINS server: optional; enter the IP address of your secondary WINS server.

  5. Click Add member(s), at the bottom of the page.
  6. Select your users and groups, then click Add.
  7. Click Apply.
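Once the firewall side is configured as above, the Windows 10 built-in client mentioned in the overview can be created from PowerShell instead of the Settings app. This is an added example, not part of the Sophos article; the server address, preshared key, connection name and internal prefix are placeholders, and the preshared key must match the one set in the XG L2TP policy.

```powershell
# Added example: Windows 10 built-in L2TP/IPsec client for the Sophos XG L2TP
# remote-access setup described above. Server, PSK and prefix are placeholders.
$Server    = 'vpn.example.com'        # public address of the XG Firewall (placeholder)
$Psk       = 'REPLACE_WITH_L2TP_PSK'  # must match the preshared key in the XG L2TP policy
$LanPrefix = '10.0.0.0/24'            # internal network reached through the tunnel (placeholder)
$ConnName  = 'Sophos XG L2TP'         # connection name (placeholder)

# L2TP over IPsec with a preshared key; the user authenticates with MS-CHAPv2 as one of
# the members added under "Add member(s)". Encryption is mandatory, not optional.
Add-VpnConnection -Name $ConnName `
    -ServerAddress $Server `
    -TunnelType L2tp `
    -L2tpPsk $Psk `
    -AuthenticationMethod MSChapv2 `
    -EncryptionLevel Required `
    -SplitTunneling `
    -RememberCredential `
    -Force

# Split tunnel: only the internal prefix goes through the VPN, Internet traffic stays local.
# Drop -SplitTunneling above (and this route) if the VPN-to-WAN firewall rule from the
# note above should carry the client's Internet traffic through the XG instead.
Add-VpnConnectionRoute -ConnectionName $ConnName -DestinationPrefix $LanPrefix

# When the client or the VPN server sits behind NAT (as in the question at the top of
# this page), Windows' IPsec client needs this PolicyAgent setting before it will use
# NAT-T (UDP 4500) to a NATed server. Value 2 allows both ends to be behind NAT.
# Requires an elevated shell and a reboot to take effect.
$PolicyAgent = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'
New-ItemProperty -Path $PolicyAgent -Name 'AssumeUDPEncapsulationContextOnSendRule' `
    -PropertyType DWord -Value 2 -Force | Out-Null

# Verify what was created before connecting with rasdial or the Settings app.
Get-VpnConnection -Name $ConnName |
    Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod, SplitTunneling
```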