VPN solution with USG20-VPN and Fritzbox

Hi,

I am trying to establish a VPN solution in my network. I have a Fritzbox 7590 router and a USG20-VPN. The Fritzbox network is 192.168.10.0 an the one from the USG is 192.168.1.0. I want to enable a VPN connection with the possibility to connect via RDP to a specific client. In the last days I tested two sceanrios:

The first was with the help of the instructions from Zyxel I was able to establish the VPN connection to the USG after setting up the port forwarding in the Fritzbox.

https://mysupport.zyxel.com/hc/en-us/articles/360005744000--ZyWALL-USG-How-to-set-up-a-Client-to-Site-VPN-Configuration-Payload-DHCP-connection-using-IKEv2

But I always read that for VPN connections the encyption AES256 with SHA256 should be the minimum to be secure. While the instructions are using 3DES and AES128 I tried to change the encryption to AES256/SHA256 (I am aware regarding the performance :-)). Unfortunately with AES256 there is no way for me to get it running on a Windows client. With my iPhone it is working well, but also Windows is the goal. On Windows I am using the ZyWall IPSec VPN client as I have read that Windows does not support the needed DH groups when using AES256. Does anybody have already setup the IPSec VPN with AES256/SHA256 on windows?

The second sceanrio I tested was that my Fritzbox is the VPN server with WireGuard VPN setup. This worked to connect to the Fritzbox. I then set a route into the USG network to connect to the client. But this step only did not work I also had to setup a policy route at the USG to allow RDP from WAN (the USG WAN port is connected with the Fritzbox). The rule looks like this:

Somehow I have the feeling that this is not a secure solution, since I am giving all RDP requests from the WAN access to the LAN, isn't it?

Can someone perhaps give me a kind of best pratise approach for my desired goal? I'm not much of a network specialist, but I'm slowly getting more into the subject. Any help would be greatly appreciated.