
How To Configure L2TP VPN In Sophos XG Firewall

In this article we will learn how to configure an L2TP VPN between a Sophos XG firewall and a Microsoft Windows 10 machine.

Configure L2TP Policy In Sophos XG firewall

Log in to the Sophos XG firewall GUI, click VPN >> L2TP remote access, and then click ADD.


Fill in the following details for the L2TP VPN as per your requirements:

Name: Enter any name for the L2TP VPN policy.

Policy: Select a VPN policy based on your requirement. This policy defines the encryption and hashing algorithms that will be used to establish the VPN tunnel securely.

Gateway Type:

The gateway type defines the action to take when the VPN service or firewall restarts. Disable and Respond only are the available options.

Disable: If the action is set to Disable, the connection remains inactive until the user activates it.

Respond only: If the gateway is set to Respond only, the connection is kept ready to respond to any incoming request.

Authentication Details: Either a preshared key or certificates can be used as the authentication method. In this article we will use a preshared key as the authentication method.

Local WAN port: Select the WAN interface of the firewall. If the firewall has multiple WAN interfaces, select the interface that will be used for the L2TP VPN connection.

Local ID: This is an optional field. If you have multiple VPN tunnels, this field is used to differentiate the tunnel connection.

Remote Host: You can specify the IP address of the remote endpoint. If you want to accept connections from any host, leave it as “*”.

Allow NAT traversal: Enable NAT traversal so the connection can pass through any NAT device.

Remote Subnet: Enter the remote subnet from which clients connect to the L2TP VPN.

Remote ID: An optional field that is used to identify VPN tunnels.

Local Port: Enter 1701 as the local port, because the L2TP VPN listens on that port.

Remote Port: The remote port can be any random port. It will use TCP or UDP. To allow any port, select *.

Disconnect when tunnel is idle: This option disconnects the tunnel when no traffic is passing through it.

Idle session time interval: Idle clients will be disconnected after this time.

Sample L2TP Policy Settings:

[Image: General Settings]

[Image: Remote network configuration]

Configure L2TP VPN In Windows Machine:

Because we are using a preshared key for L2TP VPN authentication, we need to change the default authentication mechanism on the Windows machine.

Search for “Windows Firewall with Advanced Security” as shown in the image below.

[Image: Windows Firewall with Advanced Security]

Click the Properties option as shown in the image below.


Click IPsec Settings and then click Customize.

[Image: IPsec settings]

As shown in the image below, click Advanced and then click Customize.

[Image: Advanced tab]

Here the default authentication mechanism is set to “Kerberos V5” as shown in the image below.

[Image: Authentication method]

Remove Kerberos and add a preshared key as the authentication method, as shown in the image below.

[Image: Authentication method set to preshared key]

Now click OK in all the tabs.

Now we need to create the L2TP VPN connection on the end-user machine. Right-click the Start button and click Network Connections as shown in the image below.

[Image: Network connections]

Then click the VPN tab and add a connection as shown in the image below.

[Image: VPN connection configuration]

Now, in the same window, click the Ethernet tab and click adapter options as shown in the image below.

[Image: Adapter options]

Right-click the specific L2TP connection and click Properties.

[Image: L2TP properties]

Click the Security tab, then click “Allow these protocols” and select the Microsoft CHAP version as shown in the image below.

[Image: Allow these protocols]

Now we are good to go and can click Connect on the VPN. Before doing that, we need to configure the L2TP settings in the firewall to assign IP addresses to clients and to add L2TP members.
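The Windows connection described above can also be created and checked from PowerShell. This is an added example, not part of the original article; the connection name and server address are placeholders, the "Microsoft chap version" chosen above is assumed to be MS-CHAP v2, and requiring encryption is an assumption the article does not state.

```powershell
# Added example: create the L2TP/IPsec connection with a preshared key and
# verify the resulting settings. Not from the original article.
$Name   = 'XG-L2TP'        # hypothetical connection name
$Server = '203.0.113.10'   # placeholder for the firewall's WAN address

# Read the preshared key at run time so it is not stored in the script.
$secure = Read-Host -Prompt 'L2TP preshared key' -AsSecureString
$psk    = [System.Net.NetworkCredential]::new('', $secure).Password

# Create the connection only if it does not already exist.
if (-not (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $Name -ServerAddress $Server `
        -TunnelType L2tp -L2tpPsk $psk `
        -AuthenticationMethod MSChapv2 `
        -EncryptionLevel Required -Force
}
Remove-Variable psk, secure

# Read the settings back and report anything that differs from the intended setup.
$vpn      = Get-VpnConnection -Name $Name
$findings = @()
if ($vpn.TunnelType -ne 'L2tp') {
    $findings += "Tunnel type is $($vpn.TunnelType), expected L2tp"
}
if ($vpn.L2tpIPsecAuth -ne 'Psk') {
    $findings += "IPsec authentication is $($vpn.L2tpIPsecAuth), expected Psk"
}
# Any user authentication protocol other than MS-CHAP v2 (for example PAP or CHAP)
$other = @($vpn.AuthenticationMethod | Where-Object { $_ -ne 'MSChapv2' })
if ($other.Count -gt 0) {
    $findings += "Extra user authentication methods enabled: $($other -join ', ')"
}
if ($vpn.EncryptionLevel -notin 'Required', 'Maximum') {
    $findings += "Encryption level is $($vpn.EncryptionLevel), encryption is not enforced"
}

if ($findings.Count -eq 0) {
    Write-Output "$Name matches the intended L2TP/PSK/MS-CHAP v2 settings."
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```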

L2TP settings:

Click VPN, then click Show VPN settings, and click L2TP as shown in the image below.

[Image: L2TP settings]

On the same settings page you can assign IP addresses to L2TP clients as shown in the image below.

[Image: General settings]

You can add L2TP members to the L2TP VPN by clicking Add members as shown in the image below.

[Image: Add members]

Once you have added the VPN members, go to VPN connections and click Connect as shown in the image below.

[Image: VPN connection]

Now L2TP VPN will be connected.

Hope this article helps you.