Add L2TP over IPsec Filters

Updated: April 30, 2010

Applies To: Windows Server 2008, Windows Server 2008 R2

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To select the L2TP over IPsec interface

  1. Open the Routing and Remote Access MMC snap-in.

  2. In the console tree, expand the server name, expand IPv4, and then click General.

  3. In the details pane, select the interface on which you want to enable L2TP over IPsec inbound and outbound filtering.

  4. Scroll to the IP Address column, and then write down the IP address assigned to the interface.

  5. Right-click the interface, and then click Properties.

Notes

  • All six filters — three inbound and three outbound — work together to complete L2TP over IPsec packet filtering. The L2TP over IPsec filtering is not secure unless all six filters are configured correctly.

  • If the six filters are the only filters configured, then the only traffic that is allowed in and out of the interface is L2TP over IPsec traffic to and from the L2TP over IPsec server and client.

To set L2TP over IPsec inbound filters

To set L2TP over IPsec inbound filters, you must configure up to three inbound filters and set the appropriate action for each filter.

  1. Click Inbound Filters.

  2. In the Inbound Filters dialog box, click New, and then configure one of the three inbound filters as indicated in the section Packet filters for Layer Two Tunneling Protocol over Internet Protocol security (L2TP/IPsec) in Appendix B: VPN Servers and Firewall Configuration in the RRAS Design Guide.

  3. Click OK.

  4. To set the action for the filter, in the Inbound Filters dialog box, select the filter, and then select Drop all packets except those that meet the criteria below.

  5. Repeat steps 2 through 4 for each of the remaining filters.

  6. Click OK when you have configured all three inbound filters.

To set L2TP over IPsec outbound filters

To set L2TP over IPsec outbound filters, you must configure up to three outbound filters and set the appropriate action for each filter.

  1. Click Outbound Filters.

  2. In the Outbound Filters dialog box, click New, and then configure one of the three outbound filters as indicated in the section Packet filters for Layer Two Tunneling Protocol over Internet Protocol security (L2TP/IPsec) in Appendix B: VPN Servers and Firewall Configuration in the RRAS Design Guide.

  3. Click OK.

  4. To set the action for the filter, in the Outbound Filters dialog box, select the filter, and then select Drop all packets except those that meet the criteria below.

  5. Repeat steps 2 through 4 for each of the remaining filters.

  6. Click OK when you have configured all three outbound filters.
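
The following check is an added example, not part of the original topic or of RRAS itself. It compares a recorded filter list for one interface against the six filters and the filter action described above. The record layout, the action label, and the sample address are hypothetical, and the UDP ports are the standard L2TP/IPsec ports rather than values taken from this page.

```python
from collections import namedtuple

# One packet filter, reduced to the fields this check needs.
# Hypothetical record layout for this example, not an RRAS export format.
Filter = namedtuple("Filter", "direction proto src_ip src_port dst_ip dst_port")

# Assumption: standard L2TP/IPsec ports (IKE 500, IPsec NAT-T 4500, L2TP 1701).
# The authoritative filter list is Appendix B of the RRAS Design Guide.
L2TP_IPSEC_UDP_PORTS = (500, 4500, 1701)
ALLOW_ONLY_LISTED = "drop-all-except-listed"  # hypothetical label for the GUI action
ANY = None  # field left unrestricted


def expected_filters(interface_ip):
    """Return the six filters: three inbound and three outbound."""
    wanted = set()
    for port in L2TP_IPSEC_UDP_PORTS:
        # Inbound: addressed to the interface, matched on UDP destination port.
        wanted.add(Filter("in", "udp", ANY, ANY, interface_ip, port))
        # Outbound: sent from the interface, matched on UDP source port.
        wanted.add(Filter("out", "udp", interface_ip, port, ANY, ANY))
    return wanted


def audit(interface_ip, configured, actions):
    """Return sorted findings; an empty list means all six filters and both actions match."""
    findings = []
    wanted, have = expected_filters(interface_ip), set(configured)
    for f in wanted - have:
        port = f.dst_port if f.direction == "in" else f.src_port
        findings.append(f"missing {f.direction} filter for UDP port {port}")
    for f in have - wanted:
        findings.append(f"extra {f.direction} filter admits other traffic: {f}")
    for direction in ("in", "out"):
        if actions.get(direction) != ALLOW_ONLY_LISTED:
            findings.append(f"{direction} action is not {ALLOW_ONLY_LISTED}")
    return sorted(findings)


# Constructed sample: outbound port 4500 filter forgotten, inbound action wrong.
SAMPLE_IP = "203.0.113.10"
SAMPLE = [f for f in expected_filters(SAMPLE_IP)
          if not (f.direction == "out" and f.src_port == 4500)]
SAMPLE_ACTIONS = {"in": "receive-all-except-listed", "out": ALLOW_ONLY_LISTED}

if __name__ == "__main__":
    for line in audit(SAMPLE_IP, SAMPLE, SAMPLE_ACTIONS):
        print(line)
```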