
l2tp vpn settings members

Hello, can someone please explain to me the sense of the add members button in the L2TP VPN settings on XG Firewall? The L2TP (remote access) section allows for the creation of multiple profiles, each with its own PSK or digital certificate. How do they go together? I'm using v18 MR4 and, if I set a PSK on an L2TP profile, the PSK in the 'IPSEC (Remote access)' is replaced by this.



This thread was automatically locked due to age.
  • FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    Adding the member from the VPN setting > L2TP > Add members will turn on L2TP VPN for that user. By default, it’s turned off. 

    You can configure a new profile with the digital certificate authentication but not on the same interface. You could configure the alias interface and use it with the new profile on the second WAN connection. 

    The PSK configured for the IPsec(Remote Access) won’t be replaced by the L2TP. 

    Thanks,

  • Hello, thank you for replying. Actually, I discovered that acting on the L2TP PSK will affect the IPsec remote access PSK. I think this is a bug. You can easily reproduce the behaviour.

  • Hello ClerpremSpa,

    This isn’t a bug. Basically, you are building an SA; once you add a wildcard tunnel (*) (by default L2TP shows this), it isn’t possible for the XG to differentiate the tunnels anymore. You can test this by adding an IPsec tunnel for Remote Gateway Address (*); it would give you a warning that it will update all of the tunnels with this PSK.

    However, in future releases, you would be able to use identities (Remote/Local), which should solve this problem.

    On IPsec tunnels, you can also mitigate this by using certificates.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
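A small model of the behaviour discussed in this thread, added here as an example and not part of the original posts or Sophos code: saving a PSK on one wildcard (*) profile overwrites the PSK of every other wildcard PSK profile, while certificate profiles and tunnels with a specific remote gateway are untouched. The profile fields, profile names and the rule that only profiles on the same local interface collide are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

WILDCARD = "*"  # remote gateway value meaning "any peer address"

@dataclass(frozen=True)
class Profile:          # hypothetical record, not a Sophos export format
    name: str
    local_interface: str
    remote_gateway: str
    auth: str           # "psk" or "certificate"
    psk: str = ""

def collides(a, b):
    """Two profiles cannot be told apart when both accept any peer on the
    same local interface and both authenticate with a PSK."""
    return (a.auth == b.auth == "psk"
            and a.remote_gateway == b.remote_gateway == WILDCARD
            and a.local_interface == b.local_interface)

def save_psk(profiles, name, new_psk):
    """Set new_psk on `name` and propagate it to every colliding profile.
    Returns (updated profiles, names overwritten as a side effect)."""
    target = next(p for p in profiles if p.name == name)
    updated, side_effects = [], []
    for p in profiles:
        if p.name == name:
            updated.append(replace(p, psk=new_psk))
        elif collides(target, p):
            if p.psk != new_psk:
                side_effects.append(p.name)
            updated.append(replace(p, psk=new_psk))
        else:
            updated.append(p)
    return updated, side_effects

# Constructed sample configuration (all values are made up).
PROFILES = [
    Profile("l2tp-default", "WAN1", WILDCARD, "psk", "old-l2tp"),
    Profile("ipsec-remote-access", "WAN1", WILDCARD, "psk", "old-ipsec"),
    Profile("l2tp-cert-alias", "WAN2-alias", WILDCARD, "certificate"),
    Profile("site-to-site-hq", "WAN1", "203.0.113.10", "psk", "s2s-key"),
]

if __name__ == "__main__":
    _, changed = save_psk(PROFILES, "l2tp-default", "new-l2tp")
    print("also overwritten:", changed)
```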