Knowledge Base

How to allow L2TP VPN when WAN interface doesn't exist in default WAN trunk?

Question

When establishing a VPN tunnel, the WAN interface must be in the "default WAN trunk". (The Web GUI server and FTP server behave the same way.)

However, under some routing requirements, the interface doesn't exist in the default WAN trunk.

How to allow L2TP VPN when WAN interface doesn't exist in default WAN trunk?

Answer

You can add policy routes to resolve this situation, because policy routes have a higher priority than the default WAN trunk.

Policy route:

(1) Incoming: L2TP VPN, Source: L2TP IP address, Next-Hop: Auto, SNAT: Outgoing-interface.

(2) Incoming: ZyWALL, Source: WAN interface, Source Port: UDP1701, Next-Hop: L2TP VPN tunnel, SNAT: none.

(3) Incoming: ZyWALL, Source: WAN interface, Next-Hop: WAN interface, SNAT: none.

 

Since UDP port 1701 (L2TP) is carried inside ESP packets, it must be routed into the VPN tunnel.
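The rule order above can be checked with a small model (an added example, not Zyxel code or CLI syntax). It assumes policy routes are evaluated top-down with the first match winning, and uses constructed addresses (203.0.113.10 for the WAN interface, 192.168.50.0/24 for the L2TP address pool); it shows that rule (2) has to sit above rule (3), which matches the same source without a port.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

WAN_IP = "203.0.113.10"        # constructed WAN interface address
L2TP_POOL = "192.168.50.0/24"  # constructed L2TP client address pool

@dataclass(frozen=True)
class Packet:
    incoming: str              # "L2TP VPN" or "ZyWALL" (device-originated)
    src: str                   # source IP address
    proto: str = "udp"
    sport: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    name: str
    incoming: str
    source: str                # CIDR the packet source must fall in
    next_hop: str
    snat: str
    proto: Optional[str] = None   # None means "any"
    sport: Optional[int] = None   # None means "any"

    def matches(self, p: Packet) -> bool:
        return (p.incoming == self.incoming
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.source)
                and self.proto in (None, p.proto)
                and self.sport in (None, p.sport))

# The three policy routes from the article, in the order listed.
RULES = [
    Rule("1", "L2TP VPN", L2TP_POOL, "Auto", "outgoing-interface"),
    Rule("2", "ZyWALL", WAN_IP + "/32", "L2TP VPN tunnel", "none", "udp", 1701),
    Rule("3", "ZyWALL", WAN_IP + "/32", "WAN interface", "none"),
]

def route(pkt: Packet, rules=RULES):
    """Return (rule name, next hop, SNAT) of the first matching policy route."""
    for r in rules:
        if r.matches(pkt):
            return r.name, r.next_hop, r.snat
    # Assumption: with no policy route match, the default WAN trunk decides.
    return None, "default WAN trunk", None

if __name__ == "__main__":
    l2tp_reply = Packet("ZyWALL", WAN_IP, "udp", 1701)
    print("article order:", route(l2tp_reply))
    print("(3) before (2):", route(l2tp_reply, [RULES[0], RULES[2], RULES[1]]))
```

With rule (3) placed above rule (2), the device's UDP 1701 replies match the broader rule and leave through the WAN interface instead of the L2TP VPN tunnel.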




Question Profile

ARTICLE ID:018045
TYPE:General Info
FIRMWARE:4.38 or above version
MODEL:USG FLEX 100,USG FLEX 100W,USG FLEX 200
