L2tp/ipsec, Set l2tp – Perle Systems IOLAN CSS User Manual


Network Commands 117

L2TP/IPsec


Once L2TP/IPsec is enabled, the IOLAN expects all connections to be established through a VPN tunnel. To allow hosts to connect outside of the VPN tunnel, you must configure VPN exceptions; see VPN Exceptions on page 119 for the command syntax.

Set L2TP

Description
    Configures the L2TP/IPsec VPN settings of the IOLAN.

User Level
    Admin

Syntax

set l2tp listen-for-l2tp on|off

set l2tp authentication-method shared-secret [secret <text>]

set l2tp authentication-method x.509-certificate
    remote-validation-criteria [country <code>]
    [state-province <text>] [locality <text>] [organisation <text>]
    [organisation-unit <text>] [common-name <text>]
    [email <email_addr>]

set l2tp [ipsec-local-ip-address <ipv4_addr>]
    [local-ip-address <ipv4_addr>]
    [remote-ipv4-start-address <start_ip>]
    [remote-ipv4-end-address <end_ip>]
    [authentication-type pap|chap|both]

Options

listen-for-l2tp
    When enabled, allows L2TP/IPsec VPN connections. Note: to allow non-VPN connections to the IOLAN, you must create entries in the VPN Exceptions list. The default is off.

authentication-method shared-secret|x.509-certificate
    Specify the authentication method that will be used between VPN peers to authenticate the VPN tunnel.

    Data Options:

    • Shared Secret: A text-based secret that is used to authenticate the IPsec tunnel (case sensitive).

    • X.509 Certificate: X.509 certificates are used to authenticate the IPsec tunnel. When using this authentication method, you must include the signing authority's certificate in the SSL/TLS CA list and download it to the IOLAN.

    Default: Shared Secret

secret
    When the authentication method is shared-secret, enter the case-sensitive secret word. Maximum of 16 characters, spaces not allowed. The secret is shared for all IPsec and L2TP/IPsec tunnels, so any peer that holds it can authenticate to the IOLAN, and rotating it changes the credential for every tunnel at once; the X.509 certificate method avoids this single shared credential.

remote-validation-criteria
    Any values that are entered in the remote validation criteria must match the remote X.509 certificate for a successful connection; any fields left blank will not be validated against the remote X.509 certificate. Every criterion you do configure must match the X.509 certificate (the configured fields are combined, not matched individually). An asterisk (*) is valid as a wildcard. With no criteria configured, any certificate issued by a CA in the SSL/TLS CA list is accepted, so set at least one field (typically common-name or organisation) to restrict which certificates can bring up a tunnel.
