dslreports logo
    All Forums Hot Topics Gallery


how-to block ads

Search Topic:
share rss forum feed


Kearny, NJ

1 edit
reply to Brano

Re: L2TPoIPSEC problems

said by Brano:

1) Upgrade to the latest FW »USG series 3.00 (xxx.4) firmware is out!
2) Follow instructions here »L2TP VPN on USG - quick how-to
and update as per here »L2TP VPN on USG - quick how-to (Win7 updated)

Most of all thanks to Brano See Profile's HowTo(s).

All works fine. I have to add some interesting (surely to me) things:

(note: i created a L2TP Zone to make it easier to manage.)

- We need, working on the Internet, that WAN Iface has the Public IP (no chances behind a NAT), or bridge the Router that connects to Internet;
- we need to allow L2TP -> ZYWALL all services we want to allow from client to targets behind the remote USG (while i was thinking L2TP to LAN1, in my case. But, for real, L2TP should be considered Client to Client VPN, so it's correct: ZyWALL works as L2TP Client);

- Performing a ping -t command from L2TP client to remote LAN address ... i had some considerations:

- If we start client behind a remote ZyWALL that has an other IPSec VPN (not nailed up) to same destination USG:
---- L2TP VPNs does not cause the other Tunnel to go up, if it stars as first;
---- If the other Tunnel was already UP: L2TP Vpn take the traffic, and the working one stays up, but just with services related ipsec-service traffic.

Hope it could help.
Please, post here, if you think you i wrote incorrect things.


Kearny, NJ

FW rules: L2TP -> LAN1