L2TP over IPsec from Smart VPN to Vigor Router

This document introduces how to set up Vigor Router as a VPN server for L2TP over IPsec, as well as how to use Smart VPN  built-in VPN feature to establish a VPN to Vigor Router and access the Vigor Router's LAN network.

Setup on Vigor Router

1.Go to VPN and Remote Access >> Remote Access Control Setup to make sure "Enable IPsec VPN Service" and "Enable L2TP VPN Service" are checked.

2. Create a remote dial-in user profile: Go to VPN and Remote Access >> Remote Dial-in User, click on an available index to edit the profile.

3.Edit the profile as follows:

  1. Check Enable this profile
  2. For Allowed Dial-In Type, check L2TP and set IPsec Policy to "Must"
  3. Give it a username and password
  4. Click OK to save.

4. Go to VPN and Remote Access >> IPsec General Setup, enter a Pre-Shared key and confirm it again. Then click OK to save.

For windows 10 users, it is recommended to choose Basic as IPsec Security Method.

VPN client Setup

1. Open Smart VPN Client on the VPN client, and click settings to disable support for L2TP / L2TP over IPSec.

(Download the latest version here)

2. Click Profiles, a warning will pop up at this time, please click OK to restart.

3. Click Profiles> Add, select L2TP over IPSec as the server type, fill in the IP address of the WAN end of the Vigor router with the IP address, fill in the VPN username and password, and remember my login information is Enable, click on the advanced option to fill in the IPSec pre-shared key.

※ If you need to switch the Internet traffic to the remote Vigor router, please click on the advanced option to enable the default gateway on remote network.

4. Switch to [connection] and click. If the operating system pops up a firewall warning, click OK to continue.

5. After the connection is successful, the Smart VPN window will shrink to the taskbar in the lower right corner of the operating system. Click the small icon in the red box twice, you can see that the Smart VPN status shows that it is connected.

Now, the router is ready for remote dial-in clients. Network Administrator may check the online users from VPN and Remote Access >> Connection Management page.

1. Navigate to User Management >> User Profile, click Add to add a new profile, and configure as followings:

    1. Check Enable
    2. Type Username and Password
    3. Select "Enable" for L2TP Dial-In
    4. Then click Apply to save the User profile.
    a screenshot of Vigor3900 User Profile setup 

    2. Go to VPN >>Remote Access Control and select L2TP over IPsec as IPsec Remote Dial-In Service

    a screenshot of Vigor3900 Remote Access Control 

    3. Go to VPN >> IPsec General Setup and enter Preshared Key.

    a screenshot of Vigor3900 IPsec General Setup 

Published On: 2020-04-07 

Was this helpful?   

book icon

Related Articles