Route L2TP VPN Traffic
L2TP (Layer 2 Tunneling Protocol) is a tunneling protocol used to support virtual private networks (VPNs). L2TP works at layer 2 (the data link layer) to tunnel network traffic between two Nebula Devices over another network (like the Internet). In L2TP VPN, establish an IPSec (Internet Protocol Security) VPN tunnel first and then build an L2TP tunnel inside it. IPSec VPN connects IPSec routers or remote users using an IPSec software such as SecuExtender.
The following example figure shows a VPN client (C) connecting to a Nebula Device (R1) through an L2TP VPN (V1). Nebula Device (R1) connects to Nebula Device (R2) using site-to-site VPN (V2). The VPN client (C) can access a server (S) inside the Nebula Device (R2) through the two VPN tunnels (V1, V2).
You can set up a VPN site-to-site tunnel to a cloud computing service like Microsoft Azure. To route L2TP traffic between your site and Microsoft Azure site, do the following:
 
Nebula Device (Firewall device) IP address
192.168.1.1
L2TP VPN (source site)
192.168.3.0/24
Microsoft Azure network (destination site)
172.10.1.0/24
Go to Site-wide > Configure > Firewall > Routing: Policy Route/Traffic Shaping: Add.
Enter a definition for the rule in Description: for example, L2TP_Routing.
Enter the L2TP IP address range to which this rule applies in Source IP: 192.168.3.0/24.
Enter the Destination IP address range to which this rule applies: 172.10.1.0/24.
Select Any protocol to apply the policy route to in Service.
Click to enable Policy Route.
Select VPN Traffic in Type to route the matched packets through the VPN tunnel you specified in the Next-Hop field.
Select the remote VPN gateway’s site name in Next-Hop.
Then click Update. Network traffic can now pass between your site and Microsoft Azure site through the L2TP tunnel.