Support Center > Search Results > SecureKnowledge Details
Configuring Native L2TP Client on iPhone/Android to work with Security Gateway Technical Level

Gateway Configuration

To configure the L2TP Support for the gateways:

  1. Enable L2TP on the specific gateway: ('Gateway Properties > IPSEC VPN > Remote Access') Select "Support L2TP" checkbox:

    L2TP definition on the GW

  2. From the main menu, click Global Properties > Remote Access > VPN - Authentication', select "Support L2TP with Pre-Shared Key".

  3. L2TP requires Office Mode definition for the Security Gateway: 'Gateway Properties > Remote Access > Office Mode'.


    • Allow Office Mode to all users (or to a specific group).
    • Define the Office Mode method. i.e. "Manual (Using IP pool)" and define the Office Mode network pool addresses:

    Office Mode definition on GW

    Configure the DNS server of the organization and its domain suffix in the "IP Pool Optional Parameters" window: (Office Mode enables a Security Gateway to assign a remote client an IP address. The assignment takes place once the user connects and authenticates. The assignment lease is renewed as long as the user is connected. The address may be taken either from a general IP address pool, or from an IP address pool specified per user group. The address can be specified per user, or via a DHCP server, enabling the use of a name resolution service. With DNS name resolution, it is easier to access the client from within the corporate network.)

    DNS configuration

    * For more Office Mode configurations methods and options go to the VPN Gateway Admin guide.

  4. Configure a global Pre-Shared key: 'Global Properties > Remote Access > VPN Authentication > Support L2TP with Pre-Shared key':

    pre shared configuration

    Note: For Security Gateway versions before R71 there was no GUI for configuring the Pre-Shared key.

    It was configured in a file calls l2tp.conf on the Security Gateway under $FWDIR/conf.

iPhone Configuration

To configure L2TP on the iPhone:

  1. From your iPhone home screen, go to 'Settings > General > Network > VPN > Add Configuration'.
  2. In the L2TP page: Provide your VPN-1 server FQDN (DNS name) or IP address, your user name, and the global shared secret:

    l2tp on iPhone

Connecting to the VPN Security Gateway:

Go to Settings and set the VPN switch to "ON". The Password screen appears. Enter your password or (if used) your RSA SecurID one-time-password.

Android Configuration

To configure L2TP on the Android device:

  1. Go to device's 'Settings > Wireless & Networks > VPN Settings > Add VPN' and select "Add L2TP/IPSec PSK VPN". The following window will appear:

    Android L2TP definition on iPhone

  2. In the opened window:
    1. Give a VPN Name to your connection (i.e. MyVpn).
    2. In "Set VPN server", provide your VPN-1 server FQDN (DNS name) or IP address.
    3. In "Set IPSec preshared key", set the global pre shared secret key.
    4. LT2P secret and IPSec identifier fields should be empty
    5. You might be asked to enter the storage credentials. In case it is the first time that you are using the storage, you will have to define a new password for it.
    6. Tap on menu to save changes.
  3. The VPN Connection will be added to your VPN Settings configuration.

Connecting to the VPN Security Gateway

Go to device's 'Settings > Wireless & Networks > VPN Settings' and select your VPN connection. The user name and Password screen appears. Enter your credentials for authentication.

Important: We don't recommend using the L2TP option in Android due to security vulnerability issues.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
Applies To:
  • sk42491 and sk44967 have been merged into sk63324.

Give us Feedback
Please rate this document