No Internet after L2TP behind NAT Configuration
Hello everybody,
I just can not get on with one thing ...
I've set up an L2TP connection following this guide because the USG is behind a router:
https://support.zyxel.eu/hc/de/articles/360001390654-So-konfigurieren-Sie-L2TP-hinter-NAT
It worked well and I can now connect to the network with my mobile phone or laptop. The problem, however, is that the connected devices in the network have had no Internet since then. But if I set the DNS server to 8.8.8.8 in Interface for LAN1 instead of "Zywall" and deactivate the SSL inspection, it works. Before that, the DNS server was set to "Zywall" and the SSL Inspection was enabled, and everything worked great. In addition, I noticed that the USG itself seems to have no Internet. Maybe I'm just too stupid and overlook something here. Thanks very much for an answer!
Kind Regards,
Tim
Accepted Solution
-
Hello everyone,
I finally found the solution in this topic...
https://businessforum.zyxel.com/discussion/2519/no-default-dns-for-wan1-on-usg40/p2
Set the local policy at IPsec VPN to 0.0.0.0
and disable the 1:1 NAT (from ISP-Router Public -> ZyXEL_WAN)
0
All Replies
-
Is there any rule to allow Internet access from the L2TP subnet?
2 -
Hello mMontana,
thanks for your answer!
Yes, I've configured it following this manual: https://support.zyxel.eu/hc/de/articles/360001390454-So-lassen-Sie-L2TP-Clients-%C3%BCber-USG-surfen
But the problem is that the Internet doesn't work over the L2TP VPN either...
0 -
This is my version on USG60. Source "Subnet_L2TP" is the object I created for... well, the name explains :)
2 -
Hey,
Would that not be covered by this policy?
0 -
It should.
But you can change the "log matched traffic" flag to debug what's not working for you.
2 -
Is there a routing rule for WIZ_L2TP_VPN to next hop WAN1?
2 -
Hi @Spielkultur_1 ,
Can you check the device's policy route? It is supposed to have a policy route for the L2TP tunnel if you tick "Allow L2TP traffic Through WAN".
The L2TP policy route is at "CONFIGURATION > Network > Routing > Policy Route".
Please note that the SNAT must be set to outgoing-interface.
1 -
Hello everyone,
thank you very much for your answers :)
I have created these rules...
0 -
Hello mMontana,
I've changed it but I couldn't see anything showy...
0 -
I can only suggest that you change the log settings and "find" which rule hits the L2TP connection.
0