USG 110 4.25 L2TP traffic blocked after upgrade
Hello,
If I try to upgrade our USG 110, all the versions before the 4.25 block the traffic from the L2TP IPsec VPN.
I watched all the logs to find a solution allowing the blocked traffic but no way...
I also allowed the traffic from WAN (local remote subnet) to all...
All Replies
-
You cannot connect to L2TP IPSec? Or you cannot connect from L2TP Subnet to Lan1?
0 -
Sorry for my bad english!!!
Tunnel is UP, but I can't connect from the L2TP range IP pool to Lan1.
With the old firmware all is OK. If I upgrade after the version 4.25, no way to allow traffic.
0 -
There is a way, I can assure you. ;)
I do not have a spare 4.35 device to start from scratch, but I suggest you double check your setup with this PDF
and consider that on most occasions there are one or two firewall rules missing.
One from L2TP zone and subnet to LAN1 zone and subnet
One from LAN1 zone and subnet to L2TP zone and subnet
Also, by default the L2TP subnet does not have access to the WAN interface (for connecting to the internet via the USG device).
1 -
Hi @Nakyll,
The L2TP VPN is able to work after you follow the guide in the wizard to configure L2TP VPN.
The L2TP users can access the LAN resources and the Internet.
Here is an FAQ for your reference.
If L2TP VPN is still not working, share your topology and settings such as L2TP VPN, IPSec VPN and policy route with us.
How to use the VPN Setup Wizard to create a L2TP VPN on the ZyWALL/USG
0 -
Hello,
My L2TP works perfectly under firmware version 4.25 with a RADIUS server and OTP account!
If I upgrade to the new firmware, the connection goes UP but there is no traffic in the tunnel!
(Also tried to bypass the RADIUS server, working on a local account.)
https://us.v-cdn.net/6029482/uploads/836/9QG5MSC6FB9X.png
This is the route on 4.25.
Also tried to make a route from lan1 to the tunnel with the correct source and destination.
It seems that the L2TP routes are totally ignored (I also tried to make a new L2TP VPN... no way).
Suggestions?
0 -
Hi @Nakyll,
In your configuration file, the two subnets lan1 and lan2 overlap.
The range of WIZ_VPN_LOCAL for the L2TP VPN client pool also overlaps with lan1.
You need to:
1. Disable lan2.
2. Modify the range of WIZ_VPN_LOCAL for L2TP VPN client pool. Ex: 10.10.10.1-10.10.10.20.
After ZyWALL110 is upgraded from 4.25 and 4.35, L2TP VPN client is able to ping lan1 and 8.8.8.8 successfully.
Note that IP pool for L2TP VPN clients and SSL VPN clients cannot conflict with any WAN/LAN/DMZ/WLAN subnet even if they are not in use.
0
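The overlap diagnosed in the last reply can be checked before a firmware upgrade. The following Python check is an added example, not part of the thread and not Zyxel code: it flags enabled interface subnets that overlap each other, and client pools that fall inside any interface subnet, enabled or not. The lan1/lan2/dmz addresses and the "before" pool are constructed sample values; only the 10.10.10.1-10.10.10.20 pool comes from the reply.

```python
import ipaddress
from itertools import combinations


def pool_networks(first, last):
    """Express an inclusive address range (a VPN client pool) as CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def find_conflicts(subnets, pools, disabled=()):
    """Return sorted (name_a, name_b) pairs whose address space overlaps.

    subnets:  {name: "ip/prefix"} for every interface, in use or not.
    pools:    {name: (first_ip, last_ip)} for L2TP / SSL VPN client pools.
    disabled: interface names that are switched off.
    """
    # strict=False accepts an interface address such as 192.168.1.1/24.
    nets = {n: [ipaddress.ip_network(c, strict=False)] for n, c in subnets.items()}
    for name, (first, last) in pools.items():
        nets[name] = pool_networks(first, last)
    conflicts = []
    for (a, a_nets), (b, b_nets) in combinations(nets.items(), 2):
        both_interfaces = a not in pools and b not in pools
        # Rule modelled from the reply: disabling an interface resolves an
        # interface-to-interface overlap, but a pool must stay clear of every
        # interface subnet even when that interface is not in use.
        if both_interfaces and (a in disabled or b in disabled):
            continue
        if any(x.overlaps(y) for x in a_nets for y in b_nets):
            conflicts.append(tuple(sorted((a, b))))
    return sorted(conflicts)


# Constructed sample values, not taken from the poster's configuration file.
SUBNETS = {"lan1": "192.168.1.1/24", "lan2": "192.168.1.129/25",
           "dmz": "192.168.3.1/24"}
BEFORE_POOLS = {"WIZ_VPN_LOCAL": ("192.168.1.200", "192.168.1.220")}
# Pool range suggested in the reply, with lan2 disabled as it advises.
AFTER_POOLS = {"WIZ_VPN_LOCAL": ("10.10.10.1", "10.10.10.20")}

if __name__ == "__main__":
    for a, b in find_conflicts(SUBNETS, BEFORE_POOLS):
        print(f"before: {a} overlaps {b}")
    print("after:", find_conflicts(SUBNETS, AFTER_POOLS, disabled={"lan2"}))
```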