This article describes how to configure L2TP VPN remote access on a Sophos XG Firewall.
How to configure an L2TP VPN remote access
Enable L2TP VPN connections, assign IP addresses and add members
- Go to VPN > Show VPN Settings.
- Select the L2TP tab. Complete the following fields under the General Settings and Client Information sections and then click Apply.
| Field | Description |
|---|---|
| Enable L2TP | Check Enable. |
| Assign IP from | Enter the IP address range to lease. |
| Allow leasing IP address from RADIUS server for L2TP, PPTP, and CISCO VPN client | Optional; check this if you want to lease IPs through RADIUS. |
| Primary DNS Server | Select a DNS server from the drop-down list, or specify one by selecting Other. |
| Secondary DNS Server | Select a DNS server from the list, or specify one by selecting Other. |
| Primary WINS Server | Optional |
| Secondary WINS Server | Optional |
- Click Add Member(s) to add an L2TP member. In this example, we’ve selected the user happy as an L2TP member.
- Click Apply to save the changes.
Create an L2TP policy
- Go to VPN > L2TP (Remote Access) and click Add to add an L2TP connection.
- Complete the fields as shown in the image and then click Save.
- Click the red icon under the Active column to activate the connection. Once connected, the icon turns green.
Create a firewall rule
- Go to Firewall, click Add Firewall Rule and select User/Network Rule.
- Configure the rule as follows:
- Click Save.
- Note: The remote host can also reach the internet through the XG Firewall. To allow this, create a second firewall rule with VPN as the source zone and WAN as the destination zone.
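The following is an added example, not code from the Sophos article, that models two points of this procedure: the IP range entered under "Assign IP from" places L2TP clients in the VPN zone, and the zone-based firewall rules then decide what those clients can reach. Every address, range and rule name below is constructed; the overlap check on the lease range and the "first match wins, unmatched traffic dropped" behaviour are this example's own assumptions about how the rules are evaluated.

```python
"""Added example (not from the Sophos article): a small model of how the
zone-based rules in this procedure decide whether an L2TP client's traffic
is allowed. All addresses, ranges and rule names are constructed."""
from ipaddress import ip_address, ip_network, summarize_address_range

# Constructed values standing in for what is entered in the XG GUI.
LAN_SUBNET = ip_network("192.168.1.0/24")             # protected LAN behind the XG
L2TP_LEASE_RANGE = ("10.81.234.10", "10.81.234.50")   # "Assign IP from" range


def lease_range_networks(first, last):
    """Return the CIDR blocks that cover a first-last lease range."""
    return list(summarize_address_range(ip_address(first), ip_address(last)))


def lease_overlaps_lan(first, last, lan=LAN_SUBNET):
    """Sanity check (an assumption of this example, not from the article):
    a lease range inside the LAN subnet would hand VPN clients addresses
    that collide with LAN hosts, so flag it before applying the settings."""
    return any(net.overlaps(lan) for net in lease_range_networks(first, last))


def zone_of(addr, lan=LAN_SUBNET, lease=L2TP_LEASE_RANGE):
    """Classify an address into the zones used in this procedure:
    LAN for the protected subnet, VPN for leased L2TP addresses,
    and WAN for everything else (the internet side)."""
    a = ip_address(addr)
    if a in lan:
        return "LAN"
    if ip_address(lease[0]) <= a <= ip_address(lease[1]):
        return "VPN"
    return "WAN"


# Rules as (source zone, destination zone, action). The article's rule is
# VPN -> LAN; the VPN -> WAN rule is the optional one from the note above.
RULES_WITHOUT_INTERNET = [("VPN", "LAN", "allow")]
RULES_WITH_INTERNET = RULES_WITHOUT_INTERNET + [("VPN", "WAN", "allow")]


def decide(src, dst, rules):
    """First matching rule wins; anything unmatched is dropped (default deny).
    This models the evaluation order assumed by the example."""
    s, d = zone_of(src), zone_of(dst)
    for rule_src, rule_dst, action in rules:
        if rule_src == s and rule_dst == d:
            return action
    return "deny"


if __name__ == "__main__":
    client, lan_host, internet_host = "10.81.234.20", "192.168.1.10", "203.0.113.5"
    print("lease overlaps LAN:", lease_overlaps_lan(*L2TP_LEASE_RANGE))
    print("VPN -> LAN   :", decide(client, lan_host, RULES_WITHOUT_INTERNET))
    print("VPN -> WAN   :", decide(client, internet_host, RULES_WITHOUT_INTERNET))
    print("VPN -> WAN (+rule):", decide(client, internet_host, RULES_WITH_INTERNET))
```

The VPN to WAN rule is deliberately separate from the VPN to LAN rule so that internet access for remote hosts is an explicit decision rather than a side effect of granting LAN access; with only the first rule in place, the model drops client traffic bound for the WAN.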