L2TP Client NAT Issue
I looked at the forum and I saw a lot of discussion regarding an L2TP server behind NAT, but never an L2TP client, so here's a question.
I have a pair of USG20-VPN set up: one is in a headquarters office, the other is in a remote office. Both are directly on the internet (I use DDNS to obtain names for the two locations), so they are NOT behind NAT.
I have an IPSEC tunnel between the two, so both offices' networks are reachable from within the office networks; all internet-bound traffic is routed out of the headquarters office. I wanted users with mobile phones (iOS) to be able to access the corporate network, so I configured the headquarters USG20-VPN to support L2TP/IPSEC VPN, and it works great as long as the iOS users are on cellular data (and therefore not behind NAT).
As soon as the iOS users are on WiFi somewhere (and, therefore, behind NAT) they can no longer access the headquarters VPN server. Any suggestions?
Again, the server is NOT behind NAT: it is right on the internet with a public address and reachable directly. It is the client that is behind NAT.
If I were able to modify settings on the WiFi router (some of the places the iOS users go to I have control over), is there a way I could configure NAT on the router so the clients could stand up the VPN?