Creating an internal L2TP VPN connection

Note: We recommend that you limit any zone bridging from the nominated interface to other interfaces. Tunnels connecting to the nominated additional interface are assigned an IP address on the L2TP internal interface, as shown in the L2TP settings region. If a zone bridge is created between the additional nominated interface and the L2TP interface, it means that the VPN can be circumvented. Therefore, it limits its usefulness.



  1. On the NETWORK menu, under the VPN submenu, click L2TP road warriors.
  2. Under the Create new tunnel section, enter a meaningful Name for this tunnel.
  3. From the Local IP list, select the external IP address to use for this tunnel.
  4. Enter the Client IP address for this connection.
  5. Enter the Username and Password for this connection.
  6. From the Authenticate by list, to dedicate this connection to a specific user, choose the user’s certificate from the list, to allow any valid certificate holder to use this tunnel, choose Certificate presented by peer. If your organization anticipates supporting many road warrior connections, we recommend that you authenticate by a specific certificate for easier management.
  7. From the L2TP client OS list, select the L2TP client's operating system.
  8. Click Advanced » and, from the Local certificate list, select Default.
  9. Click Add.

Follow-up task