| Knowledge Base ID: | KB4094 |
| Version: | 10.0 |
| Published: | 07 Oct 2008 |
| Updated: | 07 Oct 2008 |
| Categories: | Firewall/IPSec_VPN L2TP ScreenOS |
This article applies to ScreenOS 5.0 and above.
The purpose of Layer 2 Tunneling Protocol (L2TP) is simply to permit the administrator of the local Juniper Firewall device to assign IP addresses to remote dial-up users. These addresses can then be referenced in policies. Although a dial-up user can be authenticated using Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP), an L2TP tunnel is not encrypted and is therefore not a secure method for encapsulating data. To encrypt the traffic, you need to apply an encryption scheme (IPSec) to the L2TP tunnel; this combination is called L2TP-over-IPSec. You can create an L2TP-over-IPSec tunnel between a Juniper Firewall/VPN gateway and a host PC running NetScreen-Remote on Windows 2000, XP or Vista operating systems.
To configure an L2TP over IPSec tunnel, perform the following steps:
1. Configure an L2TP over IPSec user on the Juniper Firewall. For more information on configuring an L2TP over IPSec user, go to Configuring an L2TP over IPSec User on the Juniper Firewall.
2. Configure an L2TP user group on the Juniper Firewall. For more information on configuring an L2TP user group, go to Configuring an L2TP User Group on the Juniper Firewall.
3. Configure an L2TP group gateway on the Juniper Firewall. For more information on configuring an L2TP group gateway, go to Configuring an L2TP Group Gateway and VPN on the Juniper Firewall.
4. Configure an L2TP IP pool on the Juniper Firewall. For more information on configuring an L2TP IP pool, go to Configuring an L2TP IP Pool on the Juniper Firewall.
5. Configure the L2TP VPN default settings on the Juniper Firewall. For more information on configuring the L2TP VPN default settings, go to Configuring the L2TP VPN Default Settings on the Juniper Firewall.
6. Configure an L2TP VPN tunnel on the Juniper Firewall. For more information on configuring the L2TP VPN tunnel, go to Configuring the L2TP VPN Tunnel on the Juniper Firewall.
7. Configure an L2TP VPN policy on the Juniper Firewall. For more information on configuring the L2TP VPN policy, go to Configuring an L2TP VPN Policy on the Juniper Firewall.
8. Configure an L2TP connection on the remote side. For more information on configuring an L2TP connection on the remote side, go to Configuring an L2TP Connection on the Remote Side.
9. Make an L2TP connection from Windows 2000/XP. For more information on making an L2TP connection from Windows 2000/XP, go to Making an L2TP Connection from Windows 2000/XP.
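
The overview above notes that a plain L2TP tunnel is unencrypted, so a policy that references an L2TP tunnel without an IPSec VPN carries dial-up traffic in the clear. The following Python check is an added example, not Juniper code: it assumes a saved configuration in which policies use `tunnel l2tp <name>` or `tunnel vpn <vpn> l2tp <name>`, and the sample configuration, tunnel names and verdict strings are constructed for illustration.

```python
import shlex

# Constructed sample configuration. The statement shapes are an assumption
# modelled on ScreenOS "set" syntax; all names are made up for this example.
SAMPLE_CONFIG = '''
set l2tp sales_corp outgoing-interface ethernet3
set l2tp legacy_dial outgoing-interface ethernet3
set vpn from_sales gateway field transport sec-level compatible
set policy id 1 from untrust to trust "Dial-Up VPN" any any tunnel vpn from_sales l2tp sales_corp
set policy id 2 from untrust to trust "Dial-Up VPN" any any tunnel l2tp legacy_dial
set policy id 3 from untrust to trust "Dial-Up VPN" any any tunnel vpn missing_vpn l2tp sales_corp
set policy id 4 from trust to untrust any any any permit
'''

def audit_l2tp_policies(config_text):
    """Return {policy_id: verdict} for every policy that references an L2TP tunnel."""
    vpns, l2tp_tunnels, policies = set(), set(), []
    for line in config_text.splitlines():
        tok = shlex.split(line)          # handles quoted names such as "Dial-Up VPN"
        if len(tok) < 3 or tok[0] != "set":
            continue
        if tok[1] == "vpn":
            vpns.add(tok[2])             # IPSec VPN definitions
        elif tok[1] == "l2tp" and tok[2] != "default":
            l2tp_tunnels.add(tok[2])     # L2TP tunnel definitions
        elif tok[1] == "policy" and "tunnel" in tok:
            policies.append(tok)

    findings = {}
    for tok in policies:
        pid = tok[tok.index("id") + 1] if "id" in tok else "?"
        spec = tok[tok.index("tunnel") + 1:]
        # spec is ["l2tp", name] or ["vpn", vpn_name, "l2tp", name]
        opts = dict(zip(spec[0::2], spec[1::2]))
        if "l2tp" not in opts:
            continue                     # IPSec-only policy, out of scope here
        if opts["l2tp"] not in l2tp_tunnels:
            findings[pid] = "undefined-l2tp-tunnel"
        elif "vpn" not in opts:
            findings[pid] = "cleartext-l2tp"      # L2TP with no encryption applied
        elif opts["vpn"] not in vpns:
            findings[pid] = "undefined-vpn"       # encryption referenced but not configured
        else:
            findings[pid] = "l2tp-over-ipsec"
    return findings

if __name__ == "__main__":
    for pid, verdict in sorted(audit_l2tp_policies(SAMPLE_CONFIG).items()):
        print(f"policy {pid}: {verdict}")
```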