Chapter 3 Authentication for FortiOS 5.0 : Configuring authenticated access : VPN authentication : Configuring authentication of L2TP VPN users/user groups
  
Configuring authentication of L2TP VPN users/user groups
Configuration of a L2TP VPN is possible only through the CLI. You can configure user groups and security policies using either CLI or web-based manager.
To configure authentication for a PPTP VPN
1. Configure the users who are permitted to use this VPN. Create a user group and add them to it.
For more information, see “Users and user groups”.
2. Configure the L2TP VPN in the CLI as in this example.
config vpn l2tp
set status enable
set sip 192.168.0.100
set eip 192.168.0.110
set usrgrp L2TP_Group
end
The sip and eip fields define a range of virtual IP addresses assigned to L2TP clients.
3. Configure a security policy. The source interface is the one through which the clients will connect. The source address is the L2TP virtual IP address range. The destination interface and address depend on the network to which the clients will connect. The policy action is ACCEPT.