Sophos XG Firewall: How to configure an L2TP VPN remote access

Overview

The article describes the procedure to configure an L2TP VPN remote access on a Sophos XG Firewall.

How to configure an L2TP VPN remote access

Enable L2TP VPN connections, assign IP addresses and add members

  • Go to VPN > Show VPN Settings.
  • Select the L2TP tab. Complete the following fields under the General Settings and Client Information sections and then click Apply.
Field Value
Enable L2TP Check Enable
Assign IP from Enter the IP address range to lease.
Allow leasing IP address from RADIUS server for L2TP, PPTP, and CISCO VPN client Optional, check this if you want to lease IP’s through RADIUS.
Primary DNS Server Select a DNS Server from the drop-down list, or you can specify the DNS server by selecting Other.
Secondary DNS Server Select a DNS Server from the list, or you can specify the DNS server by selecting Other.
Primary WINS Server Optional
Secondary WINS Server Optional

  • Click Add Member(s) to add an L2TP member. In this example, we’ve selected happy to add as an L2TP member.

  • Click Apply to save the changes.

Create an L2TP policy

  • Go to VPN > L2TP (Remote Access) and click Add to add an L2TP connection.
  • Complete the following image and then click Save.

  • Click the red icon under the Active column to activate the connection. Once connected it will show up as green.

Create a firewall rule

  • Go to Firewall, click Add Firewall Rule and select User/Network Rule.
  • Configure the rule as follows:

  • Click Save.
  • Note: It is possible for the remote host to access the internet via the XG Firewall. To do this, create a firewall rule with VPN as the source zone and WAN as the destination zone.

Be the first to comment

Leave a Reply

Your email address will not be published.


*