How do I configure the ZyWALL for a L2TP server behind NAT?

Zyxel_Charlie Posts: 997  Zyxel Employee
edited April 14 in Security


Network Conditions:

Router WAN IP:



Configuration on the router:

Add a NAT rule for the router.

Allow L2TP services.

L2TP server:

L2TP service: IKE, NATT, L2TP-UDP

Configuration on the ZyWALL/USG:

IPSec VPN Gateway

IPSec VPN Connection:

The local policy is the NAT public IP address.


Assign a pool for the L2TP clients.

Create a registry key on Windows Client:

(1) Start > cmd > Enter "regedit"
(2) Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
(3) Add a RWORD(32 bit), and name is: AssumeUDPEncapsulationContextOnSendRule
(4) Edit value as 2
(5) Reboot PC.

On Windows 10, edit in the registry and then reboot.
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f


Use a smartphone or a PC to establish a L2TP VPN connection the to ZyWALL/USG.

Configure the NAT's public IP address as the L2TP server address on the client.

Sign In to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click on this button!