[NEBULA] How to set up an L2TP VPN client connection with an authentication server?

Zyxel_CSO Posts: 378  Zyxel Employee
edited June 2023 in Nebula Security Gateway
The Nebula Cloud platform offers the option to let L2TP VPN users authenticate to wired/wireless networks over RADIUS and/or AD servers, connecting to local domain controllers in the network.

Prerequisite: Client VPN IP addresses cannot overlap the LAN subnet
Scenario: Set up an L2TP VPN connection with RADIUS/AD servers on Windows Server 2008
Preparation: NSG100 x1, NSW100 x1, RADIUS Server x1 and AD Server x1 on Windows Server 2008, iPhone 6S+ x1 and Laptop x1
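
A pre-deployment check for the prerequisite above, written in Python as an added example (not Zyxel's code): it reports which LAN subnets a planned client VPN pool overlaps, including the case where the pool is a wider range that contains a LAN. The /24 prefix lengths, the second LAN and the interface names are assumptions; only the host addresses 10.20.20.1 and 10.214.30.16 come from this page.

```python
import ipaddress


def find_overlaps(vpn_pool, lan_subnets):
    """Return the names of the LAN subnets that overlap the client VPN pool.

    vpn_pool    -- CIDR string for the L2TP client address pool
    lan_subnets -- dict mapping an interface name to its CIDR string
    """
    # strict=False also accepts interface-style input such as 10.214.30.1/24.
    pool = ipaddress.ip_network(vpn_pool, strict=False)
    conflicts = []
    for name, cidr in lan_subnets.items():
        lan = ipaddress.ip_network(cidr, strict=False)
        # overlaps() is true for identical ranges and when either range
        # contains the other, so a too-wide pool (a supernet) is caught too.
        if pool.version == lan.version and pool.overlaps(lan):
            conflicts.append(name)
    return sorted(conflicts)


def locate(address, vpn_pool, lan_subnets):
    """Say which configured range an address belongs to, or None."""
    ip = ipaddress.ip_address(address)
    if ip in ipaddress.ip_network(vpn_pool, strict=False):
        return "vpn-pool"
    for name, cidr in lan_subnets.items():
        if ip in ipaddress.ip_network(cidr, strict=False):
            return name
    return None


# Constructed plan: the /24 prefix lengths and interface names are assumptions;
# only the two host addresses (10.20.20.1 and 10.214.30.16) come from the page.
LAN_SUBNETS = {"lan1": "10.214.30.1/24", "lan2": "192.168.2.1/24"}

if __name__ == "__main__":
    for pool in ("10.20.20.0/24", "10.214.30.128/25", "10.0.0.0/8"):
        hits = find_overlaps(pool, LAN_SUBNETS)
        print(pool, "OK" if not hits else "overlaps " + ", ".join(hits))
    print(locate("10.20.20.1", "10.20.20.0/24", LAN_SUBNETS))    # VPN client
    print(locate("10.214.30.16", "10.20.20.0/24", LAN_SUBNETS))  # LAN host
```

Run it against the pool you plan to enter in the L2TP over IPSec client page before saving; an empty result from `find_overlaps` means the prerequisite is met.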


NCC Configuration for authentication server
1. Configure > Security gateway > Gateway settings > Authentication server > My RADIUS Server > Add

2. Enter information in My Radius Server > Save

To use the My RADIUS server option, you must configure the RADIUS server and Active Directory roles on the domain controller.

RADIUS Server Configuration

3. Add new RADIUS Client
Server Manager > Role > Network Policy and Access Services > NPS(local) > RADIUS Clients and Servers > RADIUS Client > New RADIUS Client > Enter information in red > OK

4. Add new RADIUS Client

Enter Policy name (eg: USG) > Next

Select Client IPv4 Address > Add > Enter the NSG100 WAN IP (eg: 10.214.30.67) > OK

Active Directory Server Configuration
5. Add new AD user
Server Manager > Role > Active Directory Domain Services > Active Directory Users and Computers > zyxel.cso.com > Users > New > User

Enter user logon name (eg: james@zyxel.cso.com) > Next

Enter password > Next > Finish

NCC Configuration for L2TP VPN client
6. Configure > Security gateway > L2TP over IPSec client > Toggle on > Configure information in red > Save

L2TP VPN configuration on the end user (eg: iOS device)
7. iPhone > Settings > General > VPN > Add VPN Configuration > Type > L2TP

Connecting L2TP VPN from the end user (eg: iOS device)
8. iPhone > Settings > Toggle on VPN

L2TP Connection Result on the End Client (eg: iOS device)
9. iPhone > Settings > General > VPN

L2TP Connection Result on NCC
10. Monitor > Security gateway > Event log > Category > Enter Auth > Search
The event log displays the L2TP client login information.

L2TP Connection Result in Event Viewer on Windows Server 2008
Server Manager > Diagnostics > Custom views > Event Viewer > ServerRoles > Network Policy and Access Services

Scenario Result for authorizing L2TP Client over Authentication Server
L2TP Client IP 10.20.20.1 can access LAN host 10.214.30.16.