Method used to configure the L2TP over IPSec user address segment on the USG2000 and USG5000

The method used to configure the L2TP over IPSec user address segment on the USG2000 and USG5000 is as follows:
Configure the L2TP over IPSec user address segment using the CLI:
# Define an address pool and allocate an IP address to the dial-up user.
[LNS] aaa
[LNS-aaa] ip pool 1 10.1.1.1 10.1.1.100
# Set the user name and password (consistent with those configured on the PC of the employee on a business trip).
[LNS-aaa] local-user vpdnuser password cipher Hello123
[LNS-aaa] quit
# Allocate an address in the IP address pool to the peer interface.
[LNS] interface virtual-template 1
[LNS-Virtual-Template1] remote address pool 1
[LNS-Virtual-Template1] quit

Configure the L2TP over IPSec user address segment using the web UI:
Configure the L2TP parameters.
1. Choose Network > L2TP > L2TP.
2. In Configure L2TP, select Enable and click Apply.
3. In L2TP Group List, click New.
4. Set Group Type to LNS.
5. Configure the L2TP parameters.
The server address shall be in the same network segment as the address in the address pool. In this way, you do not need to configure a route. Peer Tunnel Name must be consistent with Local Tunnel Name configured on the LAC.
Group Type: LNS
Peer Tunnel Name: LAC
Tunnel Password Authentication: Enable
Password Type: Ciphertext
Tunnel password: Hello123
Confirm Tunnel password: Hello123
User Group: default

Set the user address allocation parameters as follows:
Server Address/Subnet Mask: 10.2.1.1/255.255.255.0
User Address Pool: 10.2.1.2-10.2.1.100
6. Click OK.

Scroll to top