Defining firewall source and destination addresses
Before you define the security policy, you must define the source and destination addresses of packets that are to be transported through the L2TP tunnel:
For the source address, enter the range of addresses that you reserved for remote L2TP clients (for example, 192.168.10.[80-100]).
For the destination address, enter the IP addresses of the computers that the L2TP clients need to access on the private network behind the FortiGate unit (for example, 172.16.5.0/24 for a subnet, or 172.16.5.1 for a server or host, or 192.168.10.[10-15] for an IP address range).
To define the firewall source address
1. Go to Firewall Objects > Address > Addresses and select Create New.
2. In the Address Name field, type a name that represents the range of addresses that you reserved for remote clients (for example, Ext_L2TPrange).
3. In Type, select Subnet / IP Range.
4. In the Subnet / IP Range field, type the corresponding IP address range.
5. In Interface, select the FortiGate interface that connects to the clients. This is usually the interface that connects to the Internet.
6. Select OK.
To define the firewall destination address
1. Go to Firewall Objects > Address > Addresses and select Create New.
2. In the Address Name field, type a name that represents a range of IP addresses on the network behind the FortiGate unit (for example, Int_L2TPaccess).
3. In Type, select Subnet / IP Range.
4. In the Subnet / IP Range field, type the corresponding IP address range.
5. In Interface, select the FortiGate interface that connects to the network behind the FortiGate unit.
6. Select OK.
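A pre-flight check for the two address objects, as an added example that is not part of the FortiOS documentation: it parses the three notations shown above (subnet, single host, bracketed range) and lists any destination entry that overlaps the range reserved for L2TP clients. Treating an overlap as a misconfiguration is an assumption of this example, and the function names are hypothetical.

```python
import ipaddress
import re

# Bracketed range as written on this page, e.g. 192.168.10.[80-100]
_BRACKET = re.compile(r"^(\d{1,3}\.\d{1,3}\.\d{1,3})\.\[(\d{1,3})-(\d{1,3})\]$")


def parse_address(spec):
    """Return (first, last) IPv4Address for a subnet, host or bracketed range."""
    spec = spec.strip()
    m = _BRACKET.match(spec)
    if m:
        prefix, lo, hi = m.group(1), int(m.group(2)), int(m.group(3))
        if lo > hi:
            raise ValueError(f"range start exceeds end: {spec}")
        # IPv4Address raises ValueError for any octet above 255
        return (ipaddress.IPv4Address(f"{prefix}.{lo}"),
                ipaddress.IPv4Address(f"{prefix}.{hi}"))
    # strict=True rejects a subnet with host bits set, e.g. 172.16.5.1/24
    net = ipaddress.IPv4Network(spec, strict=True)
    return net.network_address, net.broadcast_address


def overlaps(a, b):
    """True when the two address specs share at least one IP address."""
    (a_lo, a_hi), (b_lo, b_hi) = parse_address(a), parse_address(b)
    return a_lo <= b_hi and b_lo <= a_hi


def check_objects(source, destinations):
    """Return the destination specs that collide with the client range."""
    return [d for d in destinations if overlaps(source, d)]


def range_size(spec):
    """Number of addresses covered by a spec."""
    lo, hi = parse_address(spec)
    return int(hi) - int(lo) + 1


if __name__ == "__main__":
    # Sample values are the ones used as examples on this page
    src = "192.168.10.[80-100]"
    dsts = ["172.16.5.0/24", "172.16.5.1", "192.168.10.[10-15]"]
    print("client addresses:", range_size(src))
    print("overlapping destinations:", check_objects(src, dsts))
```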