This article will explain how to set up your L2TP tunnel using Nebula CC [USG FLEX/ATP Series]. How to configure the VPN users, NCC and your clients as well as testing your result.

In Figure1, there are multiple clients that want to access the server that is behind Firewall. To do that, the clients establish the L2TP over IPSec VPN tunnel to Firewall.
All network IP addresses and subnet masks are used as examples in this article. Please replace them with your actual network IP addresses and subnet masks. This example was tested Nebula gateway, switch, APs with the last firmware version on Nebula Center Control (NCC).

Enable and Configure Remote VPN

Go to and configure the parameters.

Site-wide > Configure > Firewall > Remote access VPN

• Client VPN server: L2TP over IPSec client
• Client VPN subnet: 192.168.100.0/24
• DNS name servers: Use "Specify nameserver..." and select Google DNS and/or the LAN gateway address of the primary LAN subnet of the firewall
• WINS: No WINS servers
• Secret: <Pre-shared key>
• Authentication: Nebula Cloud Authentication

Click "Custom" and make sure that you have "Default" selected here to get for example Windows PC to work.

 

Then click save.

 

1.2 Configure Cloud Authentication Users

Go to

Site-wide > Configure > Cloud authentication 

select Account type “VPN User” and create(add) user.
 
Add the email address, username, select a password and allow the user to login to the VPN via "VPN Access". Don't forget to authorize the user to the organization or the site and I prefer to be able to login via the username or the email.
Note: If you only want this account to access a specific site via L2TP, you may select Specified sites in the Authorized section.

1. Click Save and make sure firewall's configuration status is up to date.

2) Client Configuration

Take a look at this article: 

VPN - Configure L2TP Client Configuration using Android, iOS, Windows & Linux Ubuntu