Add an L2TP IPSec Phase 2 Proposal

You can configure Mobile VPN with L2TP to offer an L2TP client more than one proposal for Phase 2 of the IKE negotiation. For example, you could specify ESP-3DES-SHA1 in one proposal and ESP-DES-MD5 in a second proposal. When traffic passes through the VPN tunnel, the security association can use either ESP-3DES-SHA1 or ESP-DES-MD5 to match the transform settings on the L2TP client.

You can include a maximum of eight proposals.

To add a new IPSec phase 2 proposal for Mobile VPN with L2TP:

  1. Select VPN > Mobile VPN with L2TP.
  2. Click Configure.
  3. Select the IPSec tab.
  4. Select the Phase 2 Settings tab.

Add an Existing Phase 2 Proposal

There are six preconfigured proposals. The names follow the format <Type>-<Authentication>-<Encryption>. For all six, Force Key Expiration is configured for 8 hours or 128000 kilobytes.

To use one of the six preconfigured proposals or another phase 2 proposal you have previously created:

  1. In the IPSec Proposals section, select an existing proposal from the drop-down list.
  2. Click Add.

The list of existing proposals shows only proposals that use the ESP proposal method. Mobile VPN with L2TP does not support the AH proposal method.
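
The limits and matching behavior described above (at most eight proposals, ESP only, a security association that matches the client's transform settings) can be checked against a planned proposal list. This is an added example, not WatchGuard code: the token sets, function names, and exact-match rule are assumptions for illustration, and DES and MD5 are flagged because RFC 8221 deprecates them for ESP.

```python
MAX_PROPOSALS = 8        # limit stated on this page
WEAK = {"DES", "MD5"}    # deprecated for ESP (RFC 8221)
# Assumption: illustrative token sets. Tokens are classified by value,
# not by their position in the proposal name.
KINDS = {"ESP": "type", "AH": "type",
         "DES": "enc", "3DES": "enc", "AES": "enc",
         "MD5": "auth", "SHA1": "auth"}


def parse(name):
    """Return the type/enc/auth fields of a proposal name like ESP-3DES-SHA1."""
    fields = {}
    for token in name.upper().split("-"):
        kind = KINDS.get(token)
        if kind is None or kind in fields:
            raise ValueError(f"unrecognised proposal name: {name}")
        fields[kind] = token
    if not {"type", "auth"} <= set(fields):
        raise ValueError(f"incomplete proposal name: {name}")
    return fields


def audit(proposals):
    """List the problems in a Phase 2 proposal list for Mobile VPN with L2TP."""
    findings = []
    if len(proposals) > MAX_PROPOSALS:
        findings.append(f"{len(proposals)} proposals exceeds the maximum of {MAX_PROPOSALS}")
    for name in proposals:
        p = parse(name)
        if p["type"] != "ESP":
            findings.append(f"{name}: only ESP is supported")
        weak = sorted(WEAK & {p.get("enc"), p["auth"]})
        if weak:
            findings.append(f"{name}: weak transform {'/'.join(weak)}")
    return findings


def negotiate(proposals, client_enc, client_auth):
    """Return the configured proposal that matches the client's transform, if any."""
    for name in proposals:
        p = parse(name)
        if p["type"] == "ESP" and (p.get("enc"), p["auth"]) == (client_enc, client_auth):
            return name
    return None


if __name__ == "__main__":
    configured = ["ESP-3DES-SHA1", "ESP-DES-MD5"]  # the two proposals named on this page
    print(audit(configured))
    print(negotiate(configured, "DES", "MD5"))      # the weak proposal is matched
    print(negotiate(configured[:1], "DES", "MD5"))  # no match once it is removed
```

Every proposal left in the list is one a client can end up using, so the audit result shows which entries to remove before you add them to the L2TP configuration.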

Create a New Phase 2 Proposal

The IPSec Phase 2 proposals used for Mobile VPN with L2TP are the same ones that can be used when you configure a branch office VPN. To create a new Phase 2 proposal, you must add it in the Branch Office VPN page.

To create a new Phase 2 proposal:

  1. Select VPN > Phase2 Proposals.
  2. Click Add.
    The Phase 2 Proposal page appears.

  3. Configure the Phase 2 proposal settings as described in Add a Phase 2 Proposal.

After you add the Phase 2 proposal, you can add it to the L2TP configuration as described in the previous procedure.

See Also

Edit the Mobile VPN with L2TP Configuration
