How do I configure the ZyWALL for a L2TP server behind NAT?

Zyxel_Charlie
Zyxel_Charlie Posts: 1,034  Zyxel Employee
50 Answers 500 Comments Friend Collector Fourth Anniversary
edited April 2021 in Security

Topology:

Network Conditions:

Router WAN IP: 59.124.163.151

ZyWALL WAN IP: 192.168.10.33

 

Configuration on the router:

Add a NAT rule for the router.

Allow L2TP services.

L2TP server: 192.168.10.33

L2TP service: IKE, NATT, L2TP-UDP

Configuration on the ZyWALL/USG:

IPSec VPN Gateway

IPSec VPN Connection:

The local policy is the NAT public IP address.

L2TP VPN:

Assign a pool for the L2TP clients.

Create a registry key on Windows Client:

(1) Start > cmd > Enter "regedit"
(2) Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
(3) Add a RWORD(32 bit), and name is: AssumeUDPEncapsulationContextOnSendRule
(4) Edit value as 2
(5) Reboot PC.

On Windows 10, edit in the registry and then reboot.
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f

VERIFICATION:

Use a smartphone or a PC to establish a L2TP VPN connection the to ZyWALL/USG.

Configure the NAT's public IP address as the L2TP server address on the client.

Accepted Solution

All Replies

  • PaoloFracas
    PaoloFracas Posts: 54  Ally Member
    First Comment Friend Collector First Anniversary
    There is a way to use a FQDN instead of the Static IP as "Router WAN IP"?


  • PeterUK
    PeterUK Posts: 3,391  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    You use interface IP which links to what WAN IP you have for that interface


  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,377  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary
    Answer ✓
    Hi @PaoloFracas
    You can have a try to use IP 0.0.0.0 address object as "local policy" in phase2 setting.

  • PaoloFracas
    PaoloFracas Posts: 54  Ally Member
    First Comment Friend Collector First Anniversary
    I have checked the solution and it works.

    Thank you.
  • MiG
    MiG Posts: 1
    First Comment

    THANKS! This manual helped me to find missed required setting :)

Security Highlight