I successfully established an L2TP/IPSec tunnel from the W2K/WXP native client to ASL 5.200 with a certificate.
Since the documentation for L2TP_roadwarrior describes only an example for a preshared key, I am still a little bit confused:
After creating an L2TP user (under definitions>users), a new entry is generated under definitions>networks (username (L2TP user) autogenerated).
After creating a Host certificate (CA), a new entry is generated under definitions>networks (userkey (IPSec key) autogenerated).
Both username and userkey (certificate) are used to establish the connection, but after bringing the tunnel up, username “L2TP user” gets an IP address from the L2TP pool, userkey remains inactive?!?
Username can be used in packet filters, which is fine because a packet filter can be set per user and not for the whole L2TP IP pool. The bad thing is that every user must have its own packet filter. Since I have a group of users which have the same packet filter rules, I would like to use some sort of user groups.
Under Definitions>Networks it is possible to create a new network, which has the “IPSec user group” type.
Is it possible to use such a definition in connection with an L2TP/certificate user?
thx