Professional Documents
Culture Documents
How To Configure
Windowsconnection
7 VPN Client for L2TP
connection
with MS-CHAP
L2TP
with
MS-CHAP
v2v2 Authentication
Authentication
Cyberoam supports L2TP connection between Cyberoam and Windows 7 VPN Client.
Cyberoam has extended the authentication protocol support to MS-CHAP v2 for L2TP, apart from
PAP.
MS-CHAP-V2 is the Microsoft Challenge-Handshake Authentication Protocol v2. CHAP provides the
same functionality as PAP, but does not send the password and other user information over the
network.
Scenario
This article consists of two sections:
1. Cyberoam Configuration
2. Windows 7 Configuration
Cyberoam Configuration
You must be logged on to the Web Admin Console as an administrator with Read-Write permission
for relevant feature(s).
Step 1: Configure L2TP
Go to VPN > L2TP > Configuration and click Enable L2TP. Specify the parameters as given below.
Parameters
Value
Description
Assign IP from
172.16.16.211 172.16.16.225
<As
configured
Network>
<As
configured
Network>
in
in
How To Configure Windows 7 VPN Client for L2TP connection with MS-CHAP v2 Authentication
Select the L2TP members. Here, as an example, we have selected john.smith as the L2TP member.
How To Configure Windows 7 VPN Client for L2TP connection with MS-CHAP v2 Authentication
Value
Description
Name
Head_Branch
Policy
DefaultL2TP
Select policy
connection.
to
be
applied
to
the
L2TP
Respond Only
Available Options:
Respond Only Keeps connection disabled till
the user responds.
Disable Keeps connection disabled till the user
activates.
Select Authentication Type
Authentication Type
Preshared Key
Remote Host
How To Configure Windows 7 VPN Client for L2TP connection with MS-CHAP v2 Authentication
Enabled
Any IP Host
Local Port
1701
Specify * for any port.
Default - 1701
Remote Port
How To Configure Windows 7 VPN Client for L2TP connection with MS-CHAP v2 Authentication
How To Configure Windows 7 VPN Client for L2TP connection with MS-CHAP v2 Authentication
Execute the following command at the console prompt to use MSCHAP v2 authentication for your
clients:
set vpn l2tp authentication MS_CHAPv2
Windows 7 Configuration
Follow the steps below to configure the user machine to connect to Cyberoam using L2TP.
Switch to IPSec Settings tab and under IPSec Defaults, click Customize to display the Customize
IPSec Settings window.
How To Configure Windows 7 VPN Client for L2TP connection with MS-CHAP v2 Authentication
Under Authentication Method, select Advanced and click Customize to display the Customize
Advanced Authentication Methods window.
How To Configure Windows 7 VPN Client for L2TP connection with MS-CHAP v2 Authentication
Select the current First Authentication Method, in this case Computer (Kerberos V5) and click
Remove.
In the Add First Authentication Method screen, select Preshared Key and specify the Preshared Key
configured in Cyberoam (Cyberoam Configuration step 3).
How To Configure Windows 7 VPN Client for L2TP connection with MS-CHAP v2 Authentication
How To Configure Windows 7 VPN Client for L2TP connection with MS-CHAP v2 Authentication
How To Configure Windows 7 VPN Client for L2TP connection with MS-CHAP v2 Authentication
How To Configure Windows 7 VPN Client for L2TP connection with MS-CHAP v2 Authentication
How To Configure Windows 7 VPN Client for L2TP connection with MS-CHAP v2 Authentication
In the L2TP tab, select Use preshared key for authentication and specify the key configured in
Cyberoam.
How To Configure Windows 7 VPN Client for L2TP connection with MS-CHAP v2 Authentication
The above configuration establishes an L2TP connection using MSCHAPv2 authentication between
Cyberoam and a Windows 7 machine.
Note:
Login to CLI console and go to option 4 Cyberoam Console and type the command - show vpn
logs to check the logs.
These logs help in troubleshooting in case the L2TP connection fails.