Help with L2TP VPN and USG 40
Hi, I'm encountering a lot of difficulties setting up a L2TP VPN with a USG40. Here is our configuration and how the USG is set up. I've followed the configuration Wizard of the VPN but I cannot reach the USG as any client from which I try to connect sees port 500 as closed (server unreachable). Our ISP says that any network traffic is allowed to pass through their gateway (we have not access to its configuration) but still we cannot set up the VPN.
I can reach from outside the office the USG40 and change its settings, only VPN seems no to work.
Firmware version is V4.33.
Are there any other settings I can check to make it work?
Thank you
Kaika
I can reach from outside the office the USG40 and change its settings, only VPN seems no to work.
Firmware version is V4.33.
Are there any other settings I can check to make it work?
Thank you
Kaika
0
Comments
-
Hi @kaika313,
Can you draw a network topology again with each interface ip/subnet?
I am wondering why both USG 40 and Gateway have physical link to office network?
0 -
HI @Zyxel_Cooldia,
here's the complete topology. I have to keep them both connected as the ISP router manages some IP phones connected to the network and we we tried to leave it connected just to the USG they didn't worked anymore. Please let me know if you need further information.
Thank you0 -
Hi @kaika313,The USG40 should have physical link to ISP gateway directly, and its gateway should be ISP's gateway, instead of public IP1.0
-
Hi @Zyxel_Cooldia,
I cannot connect physically to ISP's gateway and If I set ISP's gateway in USG connection does not work so I'm forced to use these settings and go through Public IP 1.0 -
Hi @kaika313,That’s weird. Are you sure the wan IP of USG is valid public IP given by ISP?If you ping to USG Interface WAN IP from Internet, can you see the icmp packets on USG wan interface ?CLI for packet capture:outer> packet-trace interface wanx extension-filter icmp0
-
Hi @Zyxel_Cooldia,
this is the result from CLI packet capture:10:47:57.000665 IP External IP > USG public IP: icmp: echo request
10:47:57.001126 IP USG public IP > External IP: icmp: echo reply
10:47:58.001636 IP External IP > USG public IP: icmp: echo request
10:47:58.002127 IP USG public IP > External IP: icmp: echo reply
I can also connect to it's web interface from Internet. If I try to "expose" an internal machine, for example the web interface of a NAS, if I test open ports none I try opens...
0 -
UPDATE:
now our ISP has removed any block and I can establish the L2TP VPN connection!
Thank you for your support0 -
Good to hear that you found the root cause.Feel free to let us know if you encounter any issue.
See how you've made an impact in Zyxel Community this year!
https://bit.ly/Your2024Moments_Community0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight