FortiGate Installation and Configuration Guide

PPTP and L2TP VPN Configuring L2TP

FortiGate-50A Installation and Configuration Guide 209

Configuring L2TP

Some implementations of L2TP support elements of IPSec. These elements must be

disabled when L2TP is used with a FortiGate unit.

This section describes:

• Configuring the FortiGate unit as an L2TP gateway

• Configuring a Windows 2000 client for L2TP

• Configuring a Windows XP client for L2TP

Configuring the FortiGate unit as an L2TP gateway

Use the following procedures to configure the FortiGate unit as an L2TP gateway:

To add users and user groups

Add a user for each L2TP client.

1 Go to User > Local.

2 Add and configure L2TP users.

See “Adding user names and configuring authentication” on page 172.

3 Go to User > User Group.

4 Add and configure L2TP user groups.

See “Configuring user groups” on page 177.

To enable L2TP and specify an address range

1 Go to VPN > L2TP > L2TP Range.

2 Select Enable L2TP.

3 Enter the Starting IP and the Ending IP for the L2TP address range.

4 Select the User Group that you added in “To add users and user groups” on page 209.

5 Select Apply to enable L2TP through the FortiGate unit.

Note: L2TP VPNs are only supported in NAT/Route mode.