How do I configure the ZyWALL for a L2TP server behind NAT?

Zyxel_Charlie
Zyxel_Charlie Posts: 1,034  Zyxel Employee
edited April 2021 in Security

Topology:

Network Conditions:

Router WAN IP: 59.124.163.151

ZyWALL WAN IP: 192.168.10.33

 

Configuration on the router:

Add a NAT rule for the router.

Allow L2TP services.

L2TP server: 192.168.10.33

L2TP service: IKE, NATT, L2TP-UDP

Configuration on the ZyWALL/USG:

IPSec VPN Gateway

IPSec VPN Connection:

The local policy is the NAT public IP address.

L2TP VPN:

Assign a pool for the L2TP clients.

Create a registry key on Windows Client:

(1) Start > cmd > Enter "regedit"
(2) Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
(3) Add a RWORD(32 bit), and name is: AssumeUDPEncapsulationContextOnSendRule
(4) Edit value as 2
(5) Reboot PC.

On Windows 10, edit in the registry and then reboot.
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f

VERIFICATION:

Use a smartphone or a PC to establish a L2TP VPN connection the to ZyWALL/USG.

Configure the NAT's public IP address as the L2TP server address on the client.

Security Highlight