How do I configure the ZyWALL for a L2TP server behind NAT?

Zyxel_Charlie
Zyxel_Charlie Posts: 1,034
50 Answers 500 Comments Friend Collector Fourth Anniversary
 Guru Member
edited April 2021 in Security

Topology:

Network Conditions:

Router WAN IP: 59.124.163.151

ZyWALL WAN IP: 192.168.10.33

 

Configuration on the router:

Add a NAT rule for the router.

Allow L2TP services.

L2TP server: 192.168.10.33

L2TP service: IKE, NATT, L2TP-UDP

Configuration on the ZyWALL/USG:

IPSec VPN Gateway

IPSec VPN Connection:

The local policy is the NAT public IP address.

L2TP VPN:

Assign a pool for the L2TP clients.

Create a registry key on Windows Client:

(1) Start > cmd > Enter "regedit"
(2) Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
(3) Add a RWORD(32 bit), and name is: AssumeUDPEncapsulationContextOnSendRule
(4) Edit value as 2
(5) Reboot PC.

On Windows 10, edit in the registry and then reboot.
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f

VERIFICATION:

Use a smartphone or a PC to establish a L2TP VPN connection the to ZyWALL/USG.

Configure the NAT's public IP address as the L2TP server address on the client.

Accepted Solution

All Replies

  • PaoloFracas
    PaoloFracas Posts: 32
    First Comment
     Freshman Member
    There is a way to use a FQDN instead of the Static IP as "Router WAN IP"?


  • PeterUK
    PeterUK Posts: 1,491
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
     Guru Member

    You use interface IP which links to what WAN IP you have for that interface


  • PaoloFracas
    PaoloFracas Posts: 32
    First Comment
     Freshman Member
    I have checked the solution and it works.

    Thank you.

Security Highlight