Contents

Use the WatchGuard L2TP Setup Wizard

The WatchGuard L2TP Setup Wizard helps you activate and configure Mobile VPN with L2TP. The setup wizard is only available when Mobile VPN with L2TP has not been activated. Any Mobile VPN with L2TP settings not configurable in the wizard are set to their default values. When you activate Mobile VPN with L2TP, IPSec is enabled by default with these IPSec settings:

Phase 1 transforms

  • SHA-1, AES(256), and Diffie-Hellman Group 2
  • SHA-1, AES(256), and Diffie-Hellman Group 20
  • SHA2-256, AES(256), and Diffie-Hellman Group 14

The SA life is 8 hours for all transforms.

Phase 2 proposals

  • ESP-AES-SHA1
  • ESP-AES128-SHA1
  • ESP-AES256-SHA256

PFS is disabled.

You can edit these settings after you run the wizard if your L2TP clients require different settings.

Before You Begin

When you configure Mobile VPN with L2TP, you select an authentication server and add users and groups for authentication. Make sure that the authentication server you want to use for L2TP user authentication is configured before you enable Mobile VPN with L2TP. Also, make sure that any users and groups you want to use are added to the authentication server.

Mobile VPN with L2TP supports two authentication methods: Local authentication on the Firebox (Firebox-DB) and RADIUS. For more information about supported user authentication methods for L2TP, see About L2TP User Authentication

You cannot configure Mobile VPN with L2TP if the device configuration already has a branch office VPN gateway that uses main mode and has a remote gateway with a dynamic IP address.

Use the L2TP Setup Wizard

You can use a wizard to configure Mobile VPN with L2TP.

The steps to start the wizard changed in Fireware v12.3. To start the wizard in Fireware Web UI v12.2.1 or lower, select VPN > Mobile VPN with L2TP and click Run Wizard. To start the wizard in Policy Manager v12.2.1 or lower, select VPN > Mobile VPN > L2TP > Activate.

When you enable Mobile VPN with L2TP, two policies are automatically added to allow L2TP traffic. For more information, see About L2TP Policies.

See Also

Edit the Mobile VPN with L2TP Configuration

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search