Overview
This article describes how to configure L2TP remote access VPN on a Sophos XG Firewall.
Client configuration (L2TP)
- Type the Service Name as VPN L2TP and click Create to create the L2TP VPN connection.
- Set the Server Address to 10.0.0.1 (the Sophos Firewall's WAN IP address) and the Account Name to john.smith (the Sophos username).
- Click Authentication Settings to specify the password and the shared key.
Windows 10 Client Configuration (L2TP)
- On Windows 10, go to Settings > Network & Internet > VPN.
- Click + Add a VPN connection.
- Create a basic Windows (built-in) connection.
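The same Windows 10 client profile can be created from PowerShell instead of the Settings app, which is useful when the connection has to be rolled out consistently to several machines. This is an added example and not part of the original article or Sophos's own documentation; it reuses the article's sample values (connection name VPN L2TP, server 10.0.0.1, user john.smith), uses a placeholder for the pre-shared key, and assumes MS-CHAPv2 as the user authentication method, which the article does not state.

```powershell
# Added example (not from the article): build the Windows 10 L2TP/IPsec client
# profile with the built-in VpnClient cmdlets instead of clicking through
# Settings > Network & Internet > VPN.

$connectionName = "VPN L2TP"                  # service name used in the article
$serverAddress  = "10.0.0.1"                  # Sophos Firewall WAN IP (article value)
$presharedKey   = "REPLACE-WITH-SHARED-KEY"   # placeholder: use the key set under VPN > Show VPN Settings > L2TP
$vpnUser        = "john.smith"                # Sophos username from the article

# Create the L2TP profile. MSChapv2 is an assumption; pick the method that
# matches the firewall's L2TP authentication configuration.
Add-VpnConnection -Name $connectionName `
    -ServerAddress $serverAddress `
    -TunnelType L2tp `
    -L2tpPsk $presharedKey `
    -AuthenticationMethod MSChapv2 `
    -EncryptionLevel Required `
    -RememberCredential `
    -Force

# Verify the profile before the first connection attempt: the tunnel type and
# encryption level are the two settings most often wrong on a hand-built profile.
Get-VpnConnection -Name $connectionName |
    Select-Object Name, ServerAddress, TunnelType, AuthenticationMethod, EncryptionLevel

# Dial the connection; '*' makes rasdial prompt for the password instead of
# leaving it in the shell history.
rasdial "$connectionName" $vpnUser *
```

Run the block in an elevated PowerShell session if the profile should be available to all users (add `-AllUserConnection` to `Add-VpnConnection`); without it the profile is created only for the current user. If the dial step fails with an IPsec negotiation error, the shared key on the client and the L2TP settings on the XG Firewall do not match.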
How to configure an L2TP VPN remote access
Enable L2TP VPN connections, assign IP addresses and add members
- Go to VPN > Show VPN Settings.
- Select the L2TP tab. Complete the following fields under the General Settings and Client Information sections and then click Apply.
| Field | Value |
|---|---|
| Enable L2TP | Check Enable |
| Assign IP from | Enter the IP address range to lease. |
| Allow leasing IP address from RADIUS server for L2TP, PPTP, and CISCO VPN client | Optional; check this if you want to lease IPs through RADIUS. |
| Primary DNS Server | Select a DNS server from the drop-down list, or specify one by selecting Other. |
| Secondary DNS Server | Select a DNS server from the drop-down list, or specify one by selecting Other. |
| Primary WINS Server | Optional |
| Secondary WINS Server | Optional |
- Click Add Member(s) to add an L2TP member. In this example, we’ve selected the user happy as the L2TP member.
- Click Apply to save the changes.
Create an L2TP policy
- Go to VPN > L2TP (Remote Access) and click Add to add an L2TP connection.
- Complete the connection settings shown in the screenshot (not reproduced here) and then click Save.
- Click the red icon under the Active column to activate the connection. Once connected it will show up as green.
Create a firewall rule
- Go to Firewall, click Add Firewall Rule and select User/Network Rule.
- Configure the rule as shown in the screenshot (not reproduced here).
- Click Save.
- Note: To let the remote host access the internet through the XG Firewall, create an additional firewall rule with VPN as the source zone and WAN as the destination zone.