Create an L2TP VPN on the ZyWALL/USG
Hello,
I have a problem with configuring the L2TP VPN service on my Zyxel USG FLEX 100. I tried all the tutorials found on this site and YouTube and had no success, and have been trying to find a solution for more than two weeks.
My Zyxel is behind an ISP router, and I add the Zyxel on DMZ.
I configured the Zyxel exactly the way shown in the tutorials. My question is: when you add the ZyXEL on DMZ, do I need to set NAT from the ISP to Zyxel?
The second question is, do I need to change rules on Services?
Thanks
Accepted Solution
-
@srihiru
Your post is too generic.
Here are some questions that you should answer:
1. What kind of VPN do you want to implement?
Do you want to use the zywall device as a VPN gateway (Remote Access "Server Role") for the inbound traffic from Internet to your local network? Inbound traffic means that the network communication is initiated from the Internet (PC, SmartPhone, ...)? This is the most common scenario. But there are also other possibilities too.
3. What do you mean you "add" the zywall on DMZ? There is the possibility to "add" the zywall to a DMZ, but I don't think that this is your case. Normally zywall firewalls as Internet gateway protect/control the traffic to a network segment designed as DMZ.
Is your zywall firewall the device which initiates the connection to the Internet, using the credentials provided by your ISP? Or is there another firewall/device on your network used as Internet gateway?
I suppose that your zywall has a connection to the Internet on wan1/wan2 interface. Right?
In that case, have a look at the zywall web dashboard to find the IP address of the interface used for Internet routing (wan1 or wan1_ppp ...). If the IP address is in the range 100.68.0.0, it means that your ISP is using CGNAT (Carrier Grade NAT) for clients. If that's the case, you, most probably, cannot use the zywall firewall as a VPN server with the role: "Remote Access (Server Role)". But you can use it as VPN client: role "Remote Access (Client Role)".
Otherwise you can implement both VPN Connection types: "Remote Access (Server Role)" and "Remote Access (Client Role)".
So, what do you intend to do and what kind of Internet access do you have for your zywall?
Regards!
A.
All Replies
-
srihiru said: When you add the ZyXEL on DMZ do I need to set nat from the ISP to Zyxel?
Not easy to answer your question, because the answer depends on the device provided by the ISP to you.
When I made available USGs for IPSec and L2TP I never used the DMZ option on the CPE (some even didn't have it) and I created the port forwarding rules to allow the USG to be always reachable from internet connection. Moreover, for L2TP I had to edit a WAN to Zywall rule to allow L2TP traffic to reach the firewall.
-
Hi, thank you very much. I followed a few guides but found the perfect one; it was NAT and WAN IP.
Network Conditions:
Router WAN IP: 59.124.163.151
ZyWALL WAN IP: 192.168.10.33
Now I can connect via VPN, but the only problem is I cannot connect to the internet. I have access to my local network and to the server. I attached the images of my routing and the service; can you help me and tell me what I did wrong?
Thank you so much for your support.
-
Hi @srihiru,
If USG FLEX 100 is placed behind NAT router, you can follow the guide in the FAQ article to add a NAT rule for L2TP service (IKE, NATT, L2TP-UDP) on the router and allow L2TP service.
You may also need to create a registry key on Windows client.
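The WAN-address check and the upstream NAT rules discussed in this thread can be combined into one pre-flight check. This is an added example, not code from any poster or from Zyxel. It assumes the RFC 6598 shared address space 100.64.0.0/10 for CGNAT and UDP 500/4500/1701 for the IKE, NATT and L2TP-UDP services; the forwarding-table tuple format is hypothetical.

```python
import ipaddress

# UDP services the thread names for L2TP over IPsec: IKE, NATT, L2TP-UDP.
L2TP_SERVICES = {"IKE": 500, "NATT": 4500, "L2TP-UDP": 1701}
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(ip):
    """Return 'cgnat', 'private', 'public' or 'other' for a WAN address."""
    addr = ipaddress.ip_address(ip)
    if addr in CGNAT:
        return "cgnat"
    if any(addr in net for net in RFC1918):
        return "private"
    return "public" if addr.is_global else "other"


def missing_forwards(forwards, firewall_ip):
    """Names of L2TP services with no UDP forward to firewall_ip.

    forwards: (protocol, external_port, target_ip) tuples, a hypothetical
    export of the upstream router's port-forwarding table.
    """
    have = {port for proto, port, target in forwards
            if proto.lower() == "udp" and target == firewall_ip}
    return [name for name, port in L2TP_SERVICES.items() if port not in have]


def assess(router_wan, firewall_wan, forwards):
    """Decide whether the firewall can act as an inbound L2TP server."""
    fw = classify_wan(firewall_wan)
    if fw == "public":
        return ("server-ok", [])          # directly reachable, no upstream NAT
    if fw != "private" or classify_wan(router_wan) != "public":
        return ("client-role-only", [])   # no public address to dial in to
    gaps = missing_forwards(forwards, firewall_wan)
    return ("server-ok" if not gaps else "add-forwards", gaps)


# Constructed sample: addresses from the thread, forwarding table invented.
SAMPLE_FORWARDS = [("udp", 500, "192.168.10.33"), ("udp", 4500, "192.168.10.33"),
                   ("tcp", 1701, "192.168.10.33")]

if __name__ == "__main__":
    print(assess("59.124.163.151", "192.168.10.33", SAMPLE_FORWARDS))
    print(assess("100.68.0.1", "192.168.10.33", []))
```

In the constructed sample the L2TP forward was entered as TCP instead of UDP, so the check reports it as missing even though a rule for port 1701 exists.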