L2TP GEO block

DanniKool
DanniKool Posts: 37  Freshman Member
First Answer First Comment Sixth Anniversary
in Nebula
Is it somehow possible to GEO block on L2TP in Remote access VPN?

Accepted Solution

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Answer ✓
    You need to create two security policy rules. In the following example, we allow Geo IP "Taiwan" only to establish L2TP VPN.
    In the first policy, action: Allow, source: allowed Geo-IP, destination: Device, dst. port: 1701, 4500, 500
    In the second policy, action: Deny, source: Any, destination: Device, dst. port: 1701, 4500, 500

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    You can add security policy rule as follows.

  • DanniKool
    DanniKool Posts: 37  Freshman Member
    First Answer First Comment Sixth Anniversary
    That doesn't work - not even with a NAT rule.....
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    Answer ✓
    You need to create two security policy rules. In the following example, we allow Geo IP "Taiwan" only to establish L2TP VPN.
    In the first policy, action: Allow, source: allowed Geo-IP, destination: Device, dst. port: 1701, 4500, 500
    In the second policy, action: Deny, source: Any, destination: Device, dst. port: 1701, 4500, 500

  • DanniKool
    DanniKool Posts: 37  Freshman Member
    First Answer First Comment Sixth Anniversary
    Thanks Emily

    It's works great!

Categories

Nebula Tips & Tricks


    Read more

    Nebula Help Center

    EnglishTiếng ViệtРусскийไทย中文(台灣)