Client L2tp connect to Ipsec tunnel on flex200

Obat · November 2022

Hi,
local subnet 192.168.10.0/24
VPN1 site to site remote policy 192.168.192.0/24 Server001 192.168.192.3
VPN2 L2tp over IPsec subnet range 192.168.150.10-192.168.150.15

Local subnet connection with site to site and Server001 OK
Client L2tp connection with remote local subnet OK

Remote L2tp client connection with site to site vpn and Server001 ERROR
Ping 192.168.192.3 failed

Secure policy source l2tp subnet and destination site2site subnet configured.

Help me

Zyxel_Jeff · November 2022

Hello @Obat

Welcome to the Zyxel community. You can add a policy route on USG Flex200 to let L2TP client can access the remote site via the site-to-site VPN tunnel.

Image: https://us.v-cdn.net/6029482/uploads/editor/yb/j9i7wywr15sx.png

The incoming interface chooses to Tunnel, the member chooses to L2TP user, the Source Address chooses to L2TP IP range, the Next-Hop type chooses to VPN tunnel and choose which VPN tunnel that you would like to access.

Image: https://us.v-cdn.net/6029482/uploads/editor/l3/ej193ebqovcq.png

Thanks

.

Obat · November 2022

Hi, with this parameters vpn client lost internet connection and the server on sitetosite vpn tunnel is unavailable.
Thank you

Image: https://us.v-cdn.net/6029482/uploads/editor/2c/c53cssvyml2g.png

Image: https://us.v-cdn.net/6029482/uploads/editor/xm/24f78ufh8okj.png

Zyxel_Jeff · November 2022

Hi @Obat

May I know whether your problem is resolved yet?
If still not, please disable "Use Policy Route to control dynamic IPsec rules" option and see whether it is working for you.

Image: https://us.v-cdn.net/6029482/uploads/editor/d3/ktflgun0etis.png

Or, you can provide a remote Web-GUI link to us for further checks.
I will provide how to configure that setting via private message later.
Thanks.

Client L2tp connect to Ipsec tunnel on flex200

All Replies

Categories

Security Highlight

Security Help Center