How to allow L2TP VPN when WAN interface doesn't exist in default WAN trunk?
Zyxel_James
Zyxel Employee
QUESTION
In this scenario, the WAN interface used for the L2TP connection does not exist in the default WAN trunk. How can L2TP VPN be allowed on a WAN interface that is not in the default WAN trunk?
ANSWER
You can add policy routes to resolve this situation, because policy routes have a higher priority than the default WAN trunk.
Policy route:
(1) Incoming: L2TP VPN, Source: L2TP VPN subnet, Next-Hop: Auto, SNAT: Outgoing-interface.
(2) Incoming: ZyWALL, Source: WAN interface, Source Port: UDP1701, Next-Hop: L2TP VPN tunnel, SNAT: none.
(3) Incoming: ZyWALL, Source: WAN interface, Next-Hop: WAN interface, SNAT: none.
Please note that since UDP port 1701 belongs to ESP packets, it must be routed into the VPN tunnel.