How To – Configure Windows 7 VPN Client for L2TP connection with MS-CHAP v2 Authentication

Applicable Version: 10.00 onwards
Overview
Cyberoam supports L2TP connection between Cyberoam and Windows 7 VPN Client.
Cyberoam has extended the authentication protocol support to MS-CHAP v2 for L2TP, apart from
PAP.
MS-CHAP-V2 is the Microsoft Challenge-Handshake Authentication Protocol v2. CHAP provides the
same functionality as PAP, but does not send the password and other user information over the
network.
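The difference between PAP and challenge-response authentication, as an added example that is not part of the original article or of Cyberoam's code. It uses plain CHAP as defined in RFC 1994 (MD5 digest), not the MS-CHAP v2 algorithm itself, and the password is a constructed sample value.

```python
import hashlib
import hmac
import os

# Constructed sample credentials (user name taken from the article's example member).
USER = "john.smith"
SECRET = b"constructed-sample-password"


def pap_request(user: str, password: bytes) -> bytes:
    """PAP Authenticate-Request body: user name and password travel as-is."""
    u = user.encode()
    return bytes([len(u)]) + u + bytes([len(password)]) + password


def chap_challenge() -> tuple:
    """Authenticator side: pick an identifier and a fresh random challenge."""
    return os.urandom(1)[0], os.urandom(16)


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side (RFC 1994): MD5 over identifier || secret || challenge."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(ident: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator recomputes the digest and compares in constant time."""
    expected = chap_response(ident, secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    ident, challenge = chap_challenge()
    response = chap_response(ident, SECRET, challenge)
    wire = bytes([ident]) + challenge + response  # everything an observer sees
    ident2, challenge2 = chap_challenge()  # the next login gets a new challenge
    return {
        "pap_leaks_password": SECRET in pap_request(USER, SECRET),
        "chap_leaks_password": SECRET in wire,
        "chap_accepts_valid": chap_verify(ident, SECRET, challenge, response),
        "chap_rejects_replay": not chap_verify(ident2, SECRET, challenge2, response),
    }


if __name__ == "__main__":
    print(demo())
```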
Scenario
This article consists of two sections:
1. Cyberoam Configuration
2. Windows 7 Configuration
Cyberoam Configuration
You must be logged on to the Web Admin Console as an administrator with Read-Write permission
for relevant feature(s).
Step 1: Configure L2TP
Go to VPN > L2TP > Configuration and click Enable L2TP. Specify the parameters as given below.
Parameter: Assign IP from
Value: 172.16.16.211 - 172.16.16.225
Description: Specify IP Address range if L2TP server has to lease IP Addresses.

Parameter: Primary DNS Server
Value: <As configured in Network>
Description: Select Primary DNS Server from the list. Alternately, you can also specify DNS Server by choosing “Other” from the list.

Parameter: Secondary DNS Server
Value: <As configured in Network>
Description: Specify Secondary DNS server. Alternately, you can also specify DNS Server by choosing “Other” from the list.

Click Apply to save changes.
Step 2: Add L2TP Members
Click Add Member(s) to add the users who would connect to Cyberoam using L2TP.
Select the L2TP members. Here, as an example, we have selected john.smith as the L2TP member.
Click Apply to save changes.
Step 3: Create L2TP Connection
Go to VPN > L2TP > Connection and click Add to add an L2TP connection as per parameters
below.
Parameter: Name
Value: Head_Branch
Description: Enter a unique name to identify L2TP Connection.

Parameter: Policy
Value: DefaultL2TP
Description: Select policy to be applied to the L2TP connection.

Parameter: Action on VPN Restart
Value: Respond Only
Description: Select an action to be taken on the connection when VPN services or Appliance restarts.
Available Options:
Respond Only – Keeps connection disabled till the user responds.
Disable – Keeps connection disabled till the user activates.

Parameter: Authentication Type
Value: Preshared Key
Description: Select Authentication Type. Preshared Key authentication is a mechanism whereby a single key is used for encryption and decryption. Both the peers should have the Preshared Key. After selecting this option, mention the Key to be used.

Parameter: Local WAN Port
Value: <Select WAN Port>
Description: Select Local WAN Port.

Parameter: Remote Host
Value: *
Description: Specify IP Address or host name of remote end-point. Specify * for any IP Address.

Parameter: Allow NAT Traversal
Value: Enabled
Description: Enable NAT traversal if a NAT device is located between your VPN endpoints when remote peer has private/non-routable IP Address.

Parameter: Remote LAN Network
Value: Any IP Host
Description: Select IP Addresses and netmask of remote network which is allowed to connect to the appliance server through VPN tunnel.

Parameter: Local Port
Value: 1701
Description: Specify the Local Port number that the local VPN peer uses to transport traffic related to TCP or UDP protocol. Specify * for any port. Default - 1701

Parameter: Remote Port
Value: *
Description: Specify the Remote Port number that the remote VPN peer uses to transport traffic related to TCP or UDP protocol. Specify * for any port.

Click OK to save the connection.
Step 4: Activate Connection
Click the red icon under 'Active' column to activate the connection.
Step 5: Configure MS CHAP authentication
Perform the steps for configuring MS CHAP authentication.

Log in to the CLI Console and select Option 4 – Cyberoam Console.

Execute the following command at the console prompt to use MSCHAP v2 authentication for your
clients:
set vpn l2tp authentication MS_CHAPv2
Windows 7 Configuration
Follow the steps below to configure the user machine to connect to Cyberoam using L2TP.
Step 1: Change the default Authentication Mechanism to Preshared Key
Go to Start Menu > Control Panel > Administrative Tools and double-click Windows Firewall with
Advanced Security. Select Properties to display the Windows Firewall with Advanced Security on
Local Computer window.
Switch to IPSec Settings tab and under IPSec Defaults, click Customize to display the Customize
IPSec Settings window.
Under Authentication Method, select Advanced and click Customize to display the Customize
Advanced Authentication Methods window.
Select the current First Authentication Method, in this case Computer (Kerberos V5) and click
Remove.
Click Add to add another First Authentication Method.
In the Add First Authentication Method screen, select Preshared Key and specify the Preshared Key
configured in Cyberoam (Cyberoam Configuration step 3).
Click OK in all the cascading windows.
Note:
Make sure that the IPSec Policy Agent service and the IKE and AuthIP IPSec Keying Modules service are running without error on the machine.
Step 2: Create the L2TP Connection in User Machine
Go to Start > Control Panel > Network and Sharing Center and click Set up a new connection or
network. Follow further steps as per screens shown below.
Step 3: Configure Authentication Mechanism of the L2TP Connection
After Connection is established, click the Network symbol on the System Tray and right-click the
connection created in step 2. Click Properties to open the Properties window.
Switch to the Security tab and click Advanced Settings under Types of VPN.
In the L2TP tab, select Use preshared key for authentication and specify the key configured in
Cyberoam.
Click OK to save settings.
The above configuration establishes an L2TP connection using MSCHAPv2 authentication between
Cyberoam and a Windows 7 machine.
Note:
Log in to the CLI console, go to option 4 – Cyberoam Console, and type the command show vpn
logs to check the logs.
These logs help in troubleshooting in case the L2TP connection fails.
Document Version: 2.0 – 3 March, 2015