USG300 - L2TP over IPSec behind NAT

dpipro
dpipro Posts: 64  ZCNE Certified
edited April 2021 in Security
Hello,

Does the ZyWALL USG300 support L2TP over IPSec when behind a NAT router?
Topology:
USG300 (ge4: 192.168.1.63) -- NAT Router CPE (With Public IP) -- Internet -- Android Smartphone with 4G Connection

The ZyWALL has the firmware rev 3.30(AQE.7)
Thanks in advance.

Best regards,
dpipro


All Replies

  • Alfonso
    Alfonso Posts: 257  Master Member
    Hi @dpipro

    I suppose that the ZyWALL is the VPN server.

    So, some NAT rules must be configured on the NAT Router CPE:

    The following ports should be redirected to the ZyWALL USG device:
    - 500 UDP
    - IP protocol 50
    - IP protocol 51
    - 4500 UDP

    It should work.

    Best regards
  • dpipro
    dpipro Posts: 64  ZCNE Certified
    Hello @Alfonso

    Thank you for your post. It didn't work out. :-(
    I have another customer with a USG60 under the same conditions and it works perfectly.

    Maybe USG300 is too old to have support for L2TP behind NAT, don't you think?

    Best regards
  • Alfonso
    Alfonso Posts: 257  Master Member
    Hi @dpipro

    I suppose that USG300 supports L2TP behind NAT, but I do not have one to confirm.

    Maybe one USG300 owner can verify it.
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    @dpipro
    The USG300 does not support L2TP behind NAT.
    You may consider the USG310 which does support this scenario.
    Charlie 
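
Whether a gateway can negotiate IPSec through NAT is visible in a packet capture of the IKE exchange: a NAT-T capable peer sends the RFC 3947 Vendor ID. The following is an added example, not code from the thread or from Zyxel, that parses an unencrypted IKEv1 message and checks for that Vendor ID; it assumes IKEv1 Main Mode, and `build_sample` with its cookie values is constructed test data.

```python
import hashlib
import struct

# RFC 3947 section 3.1: the NAT-T Vendor ID is the MD5 hash of this string.
NAT_T_VID = hashlib.md5(b"RFC 3947").digest()
PAYLOAD_SA, PAYLOAD_VENDOR_ID = 1, 13   # ISAKMP payload type numbers (RFC 2408)


def vendor_ids(ike_msg: bytes) -> list[bytes]:
    """Return every Vendor ID payload body in an unencrypted IKEv1 message."""
    if len(ike_msg) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    next_payload, flags = ike_msg[16], ike_msg[19]
    total_len = struct.unpack("!I", ike_msg[24:28])[0]
    if flags & 0x01:
        raise ValueError("encrypted message: payloads are not readable")
    if total_len > len(ike_msg):
        raise ValueError("truncated message")
    found, offset = [], 28
    while next_payload != 0:          # walk the chained payload headers
        if offset + 4 > total_len:
            raise ValueError("payload header runs past end of message")
        following, _, plen = struct.unpack("!BBH", ike_msg[offset:offset + 4])
        if plen < 4 or offset + plen > total_len:
            raise ValueError("bad payload length")
        if next_payload == PAYLOAD_VENDOR_ID:
            found.append(ike_msg[offset + 4:offset + plen])
        next_payload, offset = following, offset + plen
    return found


def advertises_nat_t(ike_msg: bytes) -> bool:
    """True if the peer that sent this message announced RFC 3947 NAT-T."""
    return NAT_T_VID in vendor_ids(ike_msg)


def build_sample(vids: list[bytes]) -> bytes:
    """Constructed test message: dummy SA payload followed by Vendor IDs."""
    bodies = [(PAYLOAD_SA, b"\x00" * 8)] + [(PAYLOAD_VENDOR_ID, v) for v in vids]
    chain = b""
    for i, (_, body) in enumerate(bodies):
        nxt = bodies[i + 1][0] if i + 1 < len(bodies) else 0
        chain += struct.pack("!BBH", nxt, 0, 4 + len(body)) + body
    # cookies (constructed), first payload type, version 1.0, Main Mode, flags 0
    header = b"\x11" * 8 + b"\x22" * 8 + bytes([bodies[0][0], 0x10, 2, 0])
    header += struct.pack("!II", 0, 28 + len(chain))
    return header + chain
```

Feed it the UDP payload of the first IKE packets exchanged on port 500; on port 4500 each IKE message is preceded by a four-byte zero marker that has to be stripped first. Pre-RFC draft versions of NAT-T use different Vendor ID values, which this check does not cover.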

