USG Vpn L2TP strikes again ...
Maybe someone can help me to create a correct config for Windows 7/8 client access VPN on USG 20.
I have a USG 20 behind an ISP router that NATs the address from HSDL 93.62.215.xxx to 192.168.5.3 (WAN IP for the USG). The ISP router is seen by the USG as the gateway at 192.168.5.1. I can't change the ISP settings in any way, so I need to find a solution to let L2TP clients connect behind a double NAT. The LAN1 subnet is 192.168.20.xxx/24.
I've tried the tutorials/sample configs found on this beautiful site and in the Zyxel docs, but I always get a "Phase 2 no proposal chosen (14)" error (debug says "Local Traffic selector mismatch"). To make things worse, the Windows client can also be behind a NATted router.
PS: The USG 20 will be replaced by a USG 100 after a successful config.
After more investigation, it seems that the problem is the double NAT. If I create a connection using an IP on the 192.168.5.x network to the USG20 WAN IP (192.168.5.3), everything works fine and the IPsec tunnel is created.
Is there any solution to this problem, maybe using an SNAT policy?
If you can't forward the ports/protocols req'd for L2TP/IPsec through the router which is in front of the USG, then afaik there's no way to make it work. Maybe you could use a 'cloud' VPN like Hamachi... or something...
Thank you for the reply, gb5102.
The ISP router is just NATting addresses, but doesn't block anything. I can see calls coming to the ZyWALL. But it probably needs some special config to let it work in this situation.
[VPN ] -> [ IP 93.62.215.xxx ] ==> [1:1 NAT 192.168.5.xxx ] ==> [USG 20 WAN1 192.168.5.2, 192.168.20.xxx LAN1] >> pc,server and so on
The error ["Local Traffic selector mismatch"] probably means some specific problem with NAT-T or similar.