How do I configure the ZyWALL for a L2TP server behind NAT?

Zyxel_Charlie

Topology:

Network Conditions:

Router WAN IP: 59.124.163.151

ZyWALL WAN IP: 192.168.10.33

 

Configuration on the router:

Add a NAT rule for the router.

Allow L2TP services.

L2TP server: 192.168.10.33

L2TP service: IKE, NATT, L2TP-UDP

Configuration on the ZyWALL/USG:

IPSec VPN Gateway

IPSec VPN Connection:

The local policy is the NAT public IP address.

L2TP VPN:

Assign a pool for the L2TP clients.

Create a registry key on Windows Client:

(1) Start > cmd > Enter "regedit"

(2) Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent

(3) Add a RWORD(32 bit), and name is: AssumeUDPEncapsulationContextOnSendRule

(4) Edit value as 2
(5) Reboot PC.

On Windows 10, edit in the registry and then reboot.

REG ADD HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent /v AssumeUDPEncapsulationContextOnSendRule /t REG_DWORD /d 0x2 /f

VERIFICATION:

Use a smartphone or a PC to establish a L2TP VPN connection the to ZyWALL/USG.

Configure the NAT's public IP address as the L2TP server address on the client.

Zyxel_Stanley

Hi @PaoloFracas
You can have a try to use IP 0.0.0.0 address object as "local policy" in phase2 setting.

PaoloFracas

There is a way to use a FQDN instead of the Static IP as "Router WAN IP"?

PeterUK

You use interface IP which links to what WAN IP you have for that interface

Zyxel_Stanley

Hi @PaoloFracas
You can have a try to use IP 0.0.0.0 address object as "local policy" in phase2 setting.

PaoloFracas

I have checked the solution and it works.

Thank you.

MiG

THANKS! This manual helped me to find missed required setting :)