USG300 - L2TP over IPSec behind NAT


does ZyWALL USG300 support L2TP over IPSec when behind a NAT router?
USG300 (ge4: -- NAT Router CPE (With Public IP) -- Internet -- Android Smartphone with 4G Connection

The ZyWALL has the firmware rev 3.30(AQE.7)
Thanks in advance.

Best regards,


  • AlfonsoAlfonso Member Posts: 178  Master Member
    Hi @dpipro

    I suppose that the Zywall is the vpn server.

    So, some nat rules must be configured on the NAT Router CPE:

    The following ports should be redirected to the Zywall USG device:
    - 500 UDP
    - IP protocol 50
    - IP protocol 51
    - 4500 UDP

    It should work.

    Best regards
  • dpiprodpipro Member Posts: 6
    Hello @Alfonso

    Thank you for your post. It didn't work out. :-(
    I have another customer with a USG60 on the same conditions and it works perfectly.

    Maybe USG300 is too old to have support for L2TP behind NAT, don't you think?

    Best regards
  • AlfonsoAlfonso Member Posts: 178  Master Member
    Hi @dpipro

    I suppose that USG300 supports L2TP behind NAT, but I do not have one to confirm.

    Maybe one USG300 owner can verify it.
  • Zyxel_CharlieZyxel_Charlie Zyxel Official Agent Posts: 686  mod
    The USG300 does not support the L2TP behind NAT.
    You may consider the USG310 which does support this scenario.

Sign In to comment.