I can't configure the Zywall VPN 300 for VPN L2TP
I'm trying to configure L2TP over IPsec VPN for my firewall, and after doing all of the steps I still can't connect to the remote network. I configured it exactly like in the walkthrough and still nothing. My configuration is behind a router: I have a router and then the firewall, and I would like to connect to my LAN. My question is: do I need a DHCP server, because it will be for 15 users, or will the firewall give addresses from the range that is set up? Do I need to make some NAT rule to give access? I have a Synology NAS and I also use it as a VPN server and it works, but I made a rule in the NAT to send the traffic to the NAS, and from there it does its thing and everything works. But I want to not use the NAS and do it from the firewall. Thanks
Accepted Solution
-
I will send you a private message to check this issue in more detail.
5
All Replies
-
Hi, is the L2TP tunnel rising? Show the network plan.
0 -
As per your description, the VPN300 is behind a router.
So the router has to forward the IKE traffic to the VPN300.
You can refer to the FAQ to implement this requirement.
Can you also share which firmware version is running on your VPN300?
0 -
Thanks for the answers. I already have a VPN server, but it is on a Synology NAS, and I think the router is forwarding IKE traffic.
My config is ROUTER(ISP) --->Firewall ----> SWITCHES
I've captured the traffic between the client and the VPN and I have a malformed payload. I've been trying with both Mac and Windows computers. On the firewall end everything is configured like in the walkthrough and still nothing.
0 -
Is this your network topology?
Router(ISP)------VPN300 or USG300(VPN server)-----switch------ Synology NAS?
If it is not, please describe your topology in more detail and mark the IP addresses in it.
In your description the VPN tunnel is working when the Synology NAS is the VPN server.
What did you do on the ISP router and the USG300?
0 -
Yes, that's my topology, and it works for the VPN server on the Synology. I've opened the ports that L2TP needs and everything works for the NAS server.
0 -
As per your requirement, if you would like to change the L2TP server to the USG300,
then you have to disable the NAT (port forwarding) rule on the USG300.
The IKE packets will be received by the USG300 and will no longer be forwarded to the Synology NAS.
Then it should be able to fulfill your requirement.
0 -
It also doesn't work. That is my config; maybe I have a misconfiguration.
0 -
In your scenario the ZyWALL has a private IP address offered by the ISP.
So you have to add the port forwarding rule on the ISP router first.
On the VPN300 VPN gateway, make sure your VPN proposal and key group are correct.
In the VPN connection, make sure the local policy is the IP address that the ISP provided (the public IP address on the ISP router), and make sure the proposal is correct.
In the L2TP settings, the IP pool cannot overlap with any interface IP subnet.
Otherwise the traffic cannot be forwarded to the client successfully.
You can still refer to the FAQ; the scenario is the same as your requirement.
0 -
Thanks for helping me.
I have done everything like that, including the NAT rule.
Now I receive a proposal mismatch, and the preshared key matches on both sides (client and server). Maybe it is the config that must first be DES and not 3DES? I'm trying to connect from Mac and Windows machines. How is the IPSec_VPN zone configured? IPSec_VPN on my side is the VPN connection and I think it shouldn't be. Thanks in advance!
0 -
You seem to have configured the wrong settings…
(1) The port forwarding rule should be configured on the ISP router, not on the VPN300.
(2) Please double-check that you selected the correct key group in the VPN gateway (phase 1).
0
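The two checks the replies above ask for, that the L2TP IP pool does not overlap any interface subnet and that the phase 1 proposal and key group match, can be run offline before changing the device. This is an added example, not part of the thread and not Zyxel tooling; the function names are hypothetical and every address and proposal value is constructed sample data.

```python
import ipaddress

def pool_overlaps(pool_start, pool_end, interface_subnets):
    """Return the names of interfaces whose subnet the L2TP pool overlaps."""
    first = ipaddress.ip_address(pool_start)
    last = ipaddress.ip_address(pool_end)
    if int(last) < int(first):
        raise ValueError("pool end is below pool start")
    # A pool is a start-end range, so split it into CIDR blocks before comparing.
    blocks = list(ipaddress.summarize_address_range(first, last))
    hits = []
    for name, cidr in interface_subnets.items():
        # Interface addresses carry host bits (e.g. 192.168.10.1/24).
        net = ipaddress.ip_network(cidr, strict=False)
        if any(block.overlaps(net) for block in blocks):
            hits.append(name)
    return sorted(hits)

def proposal_mismatch(client_offers, gateway_accepts):
    """Compare phase 1 proposals given as (encryption, authentication, dh_group).

    Returns [] when one client offer matches a gateway proposal exactly,
    otherwise the fields that differ in the closest offer/proposal pair.
    """
    fields = ("encryption", "authentication", "dh_group")
    if set(client_offers) & set(gateway_accepts):
        return []
    best = None
    for offer in client_offers:
        for accepted in gateway_accepts:
            diff = [f for f, a, b in zip(fields, offer, accepted) if a != b]
            if best is None or len(diff) < len(best):
                best = diff
    return best or list(fields)

# Constructed sample values, not taken from the thread.
INTERFACES = {"wan1": "192.168.1.2/24", "lan1": "192.168.10.1/24"}
GATEWAY_PHASE1 = [("3des", "sha1", "dh2")]
CLIENT_PHASE1 = [("aes256", "sha1", "dh14"), ("3des", "sha1", "dh14")]

if __name__ == "__main__":
    # Pool placed inside the LAN subnet: reported as overlapping lan1.
    print(pool_overlaps("192.168.10.200", "192.168.10.220", INTERFACES))
    # Dedicated pool for 15 users: no overlap.
    print(pool_overlaps("10.10.50.1", "10.10.50.15", INTERFACES))
    # Only the key group differs in the closest pair.
    print(proposal_mismatch(CLIENT_PHASE1, GATEWAY_PHASE1))
```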