Reply to Brano
Re: L2TPoIPSEC problems
Most of all, thanks to Brano's HowTo(s).
All works fine. I have to add some interesting (surely to me) things:
(Note: I created an L2TP Zone to make it easier to manage.)
- When working over the Internet, we need the WAN Iface to have the Public IP (no chance behind a NAT), or to bridge the Router that connects to the Internet;
- We need to allow, for L2TP -> ZYWALL, all services we want to allow from the client to targets behind the remote USG (I was thinking L2TP to LAN1, in my case. But, for real, L2TP should be considered a Client to Client VPN, so it's correct: ZyWALL works as L2TP Client);
- Performing a ping -t command from the L2TP client to a remote LAN address ... I had some considerations:
- If we start the client behind a remote ZyWALL that has another IPSec VPN (not nailed up) to the same destination USG:
---- The L2TP VPN does not cause the other Tunnel to go up, if it starts first;
---- If the other Tunnel was already UP: the L2TP VPN takes the traffic, and the working one stays up, but just with services related ipsec-service traffic.
Hope it could help.
Please post here if you think I wrote incorrect things.