How do I configure the ZyWALL for a L2TP server behind NAT?

Zyxel_Charlie Posts: 1,034
50 Answers 500 Comments Friend Collector Fourth Anniversary
 Zyxel Employee
edited April 2021 in Security


Network Conditions:

Router WAN IP:



Configuration on the router:

Add a NAT rule for the router.

Allow L2TP services.

L2TP server:

L2TP service: IKE, NATT, L2TP-UDP

Configuration on the ZyWALL/USG:

IPSec VPN Gateway

IPSec VPN Connection:

The local policy is the NAT public IP address.


Assign a pool for the L2TP clients.

Create a registry key on Windows Client:

(1) Start > cmd > Enter "regedit"
(2) Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
(3) Add a RWORD(32 bit), and name is: AssumeUDPEncapsulationContextOnSendRule
(4) Edit value as 2
(5) Reboot PC.

On Windows 10, edit in the registry and then reboot.
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f


Use a smartphone or a PC to establish a L2TP VPN connection the to ZyWALL/USG.

Configure the NAT's public IP address as the L2TP server address on the client.

Accepted Solution

All Replies

  • PaoloFracas
    PaoloFracas Posts: 48
    First Comment
     Freshman Member
    There is a way to use a FQDN instead of the Static IP as "Router WAN IP"?

  • PeterUK
    PeterUK Posts: 1,850
    100 Answers 1000 Comments Friend Collector Fifth Anniversary
     Guru Member

    You use interface IP which links to what WAN IP you have for that interface

  • PaoloFracas
    PaoloFracas Posts: 48
    First Comment
     Freshman Member
    I have checked the solution and it works.

    Thank you.
  • MiG
    MiG Posts: 1
    First Comment

    THANKS! This manual helped me to find missed required setting :)

Security Highlight