The Nebula Cloud platform offers an option that allows L2TP VPN users to authenticate to wired/wireless networks using RADIUS and/or AD servers when connecting to local domain controllers in the network.
Prerequisite: Client VPN IP addresses cannot overlap with the LAN subnet addresses.
Scenario: Set up an L2TP VPN connection with RADIUS/AD servers in Windows Server 2008.
Preparation: NSG100 x1, NSW100 x1, RADIUS Server x1 and AD Server x1 in Windows Server 2008, iPhone 6S+ x1 and laptop x1.
NCC Configuration for Authentication Server
1. Go to Gateway > Configure > My authentication server > My RADIUS Server > Add
2. Enter information on the My RADIUS Server screen and click Save.
In order to use the My RADIUS server option, it is required to configure the RADIUS server and Active Directory roles in the domain controller.
RADIUS Server Configuration
3. Add a new RADIUS client
Go to Server Manager > Role > Network Policy and Access Services > NPS(local) > RADIUS Clients and Servers > RADIUS Client > New RADIUS Client. Enter information in the fields framed in red as shown next and then click OK.
4. Add a new connection request policy.
Go to Server Manager > Role > Network Policy and Access Services > NPS(local) > Policies > Connection request policies > New.
Enter the policy name (e.g.: USG) and then click Next.
Select Client IPv4 Address > Add. Enter the NSG100's WAN IP Address (e.g.: 126.96.36.199) and then click OK.
Active Directory Server Configuration
5. Add a new AD user.
Go to Server Manager > Role > Active Directory Domain Services > Active Directory Users and Computers > zyxel.cso.com > Users > New > User.
Enter the user logon name (e.g.: email@example.com) and click Next.
Enter a password, then click Next and then Finish.
NCC for L2TP VPN Client Configuration
6. Go to Gateway > Configure > L2TP over IPSec client > Toggle on. Configure information in the fields in red as shown next and click Save.
L2TP VPN Configuration on an End User device
(The configuration uses an iPhone for the example.)
7. Go to iPhone > Settings > General > VPN > Add VPN Configuration > Type > L2TP.
Connecting to an L2TP VPN from the End User Device
8. Go to iPhone > Settings > Toggle on VPN.
L2TP Connection Result on the End User Device
9. Go to iPhone > Settings > General > VPN.
L2TP Connection Result on NCC
10. Go to GATEWAY > Monitor > Event log > Category > Enter Auth > Search Event log to display L2TP client login information.
L2TP Connection Result on Event viewer in Windows Server 2008
11. Go to Server Manager > Diagnostics > Custom views > Event Viewer > ServerRoles > Network Policy and Access Services.
Scenario Result for Authorizing L2TP Client with the Authentication Server
The L2TP Client (IP 10.20.20.1) should be able to access a LAN host (192.168.1.6).
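The prerequisite above (client VPN addresses must not overlap the LAN subnet) can be checked before saving the L2TP settings. The following is an added example, not part of the original article or of Nebula: the function names are hypothetical, and the /24 prefix lengths are assumed because the article gives only the host addresses 10.20.20.1 and 192.168.1.6.

```python
import ipaddress


def find_overlaps(vpn_pool, lan_subnets):
    """Return the LAN subnets (as strings) that overlap the VPN client pool."""
    # strict=False accepts an interface-style value such as 192.168.1.1/24
    pool = ipaddress.ip_network(vpn_pool, strict=False)
    conflicts = []
    for cidr in lan_subnets:
        lan = ipaddress.ip_network(cidr, strict=False)
        if lan.version == pool.version and pool.overlaps(lan):
            conflicts.append(str(lan))
    return conflicts


def preflight(vpn_pool, lan_subnets, client_ip, lan_host):
    """Return a list of problems; an empty list means the plan is consistent."""
    pool = ipaddress.ip_network(vpn_pool, strict=False)
    lans = [ipaddress.ip_network(c, strict=False) for c in lan_subnets]
    client = ipaddress.ip_address(client_ip)
    host = ipaddress.ip_address(lan_host)
    problems = [f"client pool {pool} overlaps LAN subnet {c}"
                for c in find_overlaps(vpn_pool, lan_subnets)]
    if client not in pool:
        problems.append(f"client {client} is outside the client pool {pool}")
    if not any(host in lan for lan in lans):
        problems.append(f"LAN host {host} is not in any listed LAN subnet")
    if host in pool:
        problems.append(f"LAN host {host} also falls inside the client pool {pool}")
    return problems


if __name__ == "__main__":
    # Addresses from the scenario result; the /24 prefix lengths are assumed.
    for issue in preflight("10.20.20.0/24", ["192.168.1.0/24"],
                           "10.20.20.1", "192.168.1.6") or ["no conflicts"]:
        print(issue)
```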