[ATP/FLEX] How to Set Up L2TP IPSec VPN with AD Authentication on Nebula?

Nebula_Yvonne
Nebula_Yvonne Posts: 55  Zyxel Employee
First Comment Friend Collector Fifth Anniversary
edited June 2023 in VPN

Nebula Cloud provides VPN solutions that can authenticate through an AD server for L2TP over IPsec VPN / IPsec VPN.


Configure Steps

Using Windows Server 2016 as the AD server

1.     AD server installation

Install an AD Server and set it as a domain controller. If installed in a virtual machine, make sure that the virtual NIC needs to be bridged to the physical NIC.

2.     AD server configuration

Navigate to Configure > Firewall > Firewall settings, input the name, server IP address, AD domain, and administrator username/password. The default service port is 389.


3.    L2TP over IPsec Remote VPN configuration

Navigate to Configure > Firewall > Remote access VPN, input the secret and select the AD server as the Authentication method


4.   Set up L2TP VPN on Windows PC

Settings > Network & Internet > VPN > Add a VPN connection

a.     VPN Provider: Drop down to select Windows(built-in)

b.     Input Connection name

c.     Input Nebula device Public IP

d.     VPN type: L2TP/IPsec with pre-shared key

e.     Per-shared key: input the pre-shared key that set up on Nebula

f.      Input VPN username/password(which is the user on AD server)


g.     Navigate to Control Panel > Network and Sharing Center > Change Adapter settings, tick the VPN interface we just added > Properties > Security, make sure the VPN type is L2TP/IPsec and tick “Unencrypted password(PAP)”


Test the Result