Security Gateway as an L2TP/IPsec client (11.x)

Post by Siby » 13 Oct 2010, 10:10

This How-to applies to:
  • Clavister Security Gateway 11.x
  • Setting up the Security Gateway as an L2TP/IPsec client.
  • L2TP over IPsec requires an IPsec tunnel that encapsulates the L2TP data when it is transported over an insecure network. This means that the IPsec tunnel will be established first, then the L2TP tunnel will be established inside the IPsec tunnel.

1. Setting up an IPsec interface.
  • Name: IPsec_L2TP_Client
    Encapsulation Mode: Transport
    Remote Endpoint: Remote_GW
    Local Endpoint: Wan_IP
    IKE and IPsec Algorithms: We recommend choosing safe proposals such as SHA256 and AES256. (You will need to match the algorithms of the L2TP Server.)

2. Setting up an L2TP Client interface.
  • Name: L2TP_Client
    Tunnel Protocol: L2TP
    Remote Endpoint: Remote_GW
    Remote Network: all-nets
    Authentication: Here we enter the username and password for a user on the L2TP Server.
    Under the Security tab: Select the IPsec interface created earlier.
    NOTE: Keep the "Statically Add Route" option enabled
[Image: L2TP Client Settings.png]

3. Build Policies to allow traffic to and from the L2TP server.
  • IP Policy example:
    Action: Allow
    Source Interface: Lan
    Source Network: Lan_net
    Destination Interface: L2TP_Client
    Destination Network: all-nets
    Service: all_services
[Image: L2TP Client Policy.png]

This IP Policy will be different in almost every scenario and the policies are built exactly like policies for a physical interface.

Re: Security Gateway as an L2TP/IPsec client (11.x)

Post by mape » 20 Dec 2016, 12:17

Updated 2016-12-20