Overview
This article describes how to configure L2TP VPN remote access on a Sophos XG Firewall.
How to configure L2TP VPN remote access
Enable L2TP VPN connections, assign IP addresses and add members
- Go to VPN > Show VPN Settings.
- Select the L2TP tab. Complete the following fields under the General Settings and Client Information sections and then click Apply.
Field | Value |
---|---|
Enable L2TP | Check Enable |
Assign IP from | Enter the IP address range to lease. |
Allow leasing IP address from RADIUS server for L2TP, PPTP, and CISCO VPN client | Optional. Check this if you want to lease IP addresses through RADIUS. |
Primary DNS Server | Select a DNS Server from the drop-down list, or you can specify the DNS server by selecting Other. |
Secondary DNS Server | Select a DNS Server from the list, or you can specify the DNS server by selecting Other. |
Primary WINS Server | Optional |
Secondary WINS Server | Optional |
- Click Add Member(s) to add an L2TP member. In this example, happy is selected as the L2TP member.
- Click Apply to save the changes.
Create an L2TP policy
- Go to VPN > L2TP (Remote Access) and click Add to add an L2TP connection.
- Complete the fields as shown in the following image and then click Save.
- Click the red icon under the Active column to activate the connection. Once connected, it will show up as green.
Create a firewall rule
- Go to Firewall, click Add Firewall Rule and select User/Network Rule.
- Configure the rule as follows:
- Click Save.
- Note: It is possible for the remote host to access the internet via the XG Firewall. To do this, create a firewall rule with VPN as the source zone and WAN as the destination zone.