FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Not applicable
Article Id 195367

Description
One option for creating a Virtual Private Network (VPN) with a FortiGate unit is the Layer 2 Tunneling Protocol (L2TP). This article describes the steps required to set up an L2TP VPN using FortiOS firmware version 4.00 MR2 or MR3.

Scope

Layer 2 Tunneling Protocol (L2TP) VPN configuration using:
FortiOS firmware version 4.00 MR2
FortiOS firmware version 4.00 MR3


Solution
Use the following CLI commands to configure a Layer 2 Tunneling Protocol (L2TP) VPN with FortiOS version 4.00 MR2 or MR3. Configuring L2TP through the web-based manager is not supported in these releases.

config vpn l2tp
    set status enable
    set sip 10.11.12.100
    set eip 10.11.12.200
    set usrgrp l2tpgrp
end

Here sip and eip are the first and last addresses of the pool assigned to connecting L2TP clients, and usrgrp is the user group whose members are allowed to authenticate.

Before running the commands above, you must first create the user group referenced by usrgrp (l2tpgrp in this example) and add the L2TP users to it. To do this, go to User > User Group.

New User: [screenshot agodwin_localuser.jpg]

User Group: [screenshot agodwin_usergrp.jpg]

Create an address object of type iprange covering the L2TP client pool, as below:

config firewall address
    edit "l2tp_range"
        set type iprange
        set start-ip 10.11.12.100
        set end-ip 10.11.12.200
    next
end




Then configure a firewall policy that allows traffic from the L2TP client range, as below:

config firewall policy
    edit 1
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "l2tp_range"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
    next
end
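The three snippets above only work together if the L2TP pool, the address object and the policy agree with each other. The following Python script is an added example (not Fortinet code) that parses FortiOS-style CLI text into dictionaries and checks exactly that: the pool has a usable sip/eip, an iprange address object covers it, and an accept policy uses that object as srcaddr. It also flags a policy that combines dstaddr "all" with service "ANY", since that grants L2TP users unrestricted access to the internal network. The embedded configuration is a constructed sample that joins the article's snippets; the parser handles the generic config/edit/set/next/end grammar and is not a complete FortiOS parser.

```python
"""Consistency check for an L2TP VPN configuration in FortiOS CLI syntax.

Added example, not Fortinet code. SAMPLE_CONFIG is constructed from the
three snippets in the article so the checks have something to run on.
"""
import ipaddress
import shlex

SAMPLE_CONFIG = """
config vpn l2tp
    set status enable
    set sip 10.11.12.100
    set eip 10.11.12.200
    set usrgrp l2tpgrp
end
config firewall address
    edit "l2tp_range"
        set type iprange
        set start-ip 10.11.12.100
        set end-ip 10.11.12.200
    next
end
config firewall policy
    edit 1
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "l2tp_range"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
    next
end
"""


def parse_fortios(text):
    """Parse config/edit/set/next/end blocks into nested dicts.

    A "config" section with "edit" entries maps entry name -> settings;
    a section without entries (config vpn l2tp) maps directly to settings.
    A "set" with one value stores a string, with several values a list.
    """
    root = {}
    stack = []  # (container dict, "config" or "edit")
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, *args = shlex.split(line)
        if keyword == "config":
            parent = stack[-1][0] if stack else root
            stack.append((parent.setdefault(" ".join(args), {}), "config"))
        elif keyword == "edit":
            stack.append((stack[-1][0].setdefault(args[0], {}), "edit"))
        elif keyword == "set":
            stack[-1][0][args[0]] = args[1] if len(args) == 2 else args[1:]
        elif keyword in ("next", "end"):
            _, kind = stack.pop()
            if kind != ("edit" if keyword == "next" else "config"):
                raise ValueError(f"unbalanced {keyword!r}: {line}")
        else:
            raise ValueError(f"unexpected line: {line}")
    if stack:
        raise ValueError("unterminated block")
    return root


def check_l2tp(cfg):
    """Return a list of findings; an empty list means the snippets agree."""
    findings = []
    l2tp = cfg.get("vpn l2tp", {})
    if l2tp.get("status") != "enable":
        findings.append("vpn l2tp is not enabled")
    try:
        sip = ipaddress.ip_address(l2tp["sip"])
        eip = ipaddress.ip_address(l2tp["eip"])
    except (KeyError, ValueError) as exc:
        return findings + [f"vpn l2tp sip/eip missing or invalid: {exc}"]
    if sip > eip:
        findings.append("vpn l2tp sip is higher than eip")
    if not l2tp.get("usrgrp"):
        findings.append("vpn l2tp has no usrgrp, so no user can authenticate")

    # Address objects of type iprange whose range covers the whole L2TP pool.
    covering = set()
    for name, addr in cfg.get("firewall address", {}).items():
        if addr.get("type") != "iprange":
            continue
        start = ipaddress.ip_address(addr["start-ip"])
        end = ipaddress.ip_address(addr["end-ip"])
        if start <= sip and eip <= end:
            covering.add(name)
    if not covering:
        findings.append("no iprange address object covers the L2TP pool")

    # An accept policy must use one of those objects as its source address.
    matched = False
    for pid, pol in cfg.get("firewall policy", {}).items():
        src = pol.get("srcaddr")
        srcs = set(src if isinstance(src, list) else [src])
        if pol.get("action") == "accept" and srcs & covering:
            matched = True
            if pol.get("dstaddr") == "all" and pol.get("service") == "ANY":
                findings.append(f"policy {pid} allows any service to any "
                                "destination; scope it to what L2TP users need")
    if not matched:
        findings.append("no accept policy uses the L2TP address range as srcaddr")
    return findings


if __name__ == "__main__":
    for finding in check_l2tp(parse_fortios(SAMPLE_CONFIG)) or ["OK"]:
        print(finding)
```

Run against the article's snippets, the only finding is the permissive policy; shrink the pool in the address object (or widen eip) and the checker reports that no address object covers the pool and, consequently, that no policy matches it.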




Then configure the built-in Microsoft Windows L2TP client as below.

[Screenshots not reproduced: Step 1 to Step 8, followed by the final step to connect the L2TP VPN.]

To check the L2TP logs, run the following debug commands on the FortiGate unit and then attempt the connection from the client:

diag debug reset
diag debug disable
diag debug appl l2tp -1
diag debug enable

Run diag debug disable again once troubleshooting is complete.


