This example shows how to configure the VPN tunnel between each site. Once the VPN tunnel is configured, each site can be accessed securely, and traffic from L2TP clients is allowed to go to the Internet.
All network IP addresses and subnet masks are used as examples in this article.
Please replace them with your actual network IP addresses and subnet masks.
This example was tested using a USG310 (Firmware Version: 4.13) and an Android device (Firmware Version: 5.0).
1. Set Up the L2TP VPN Tunnel on the ZyWALL/USG
2. Assign L2TP Users
3. Enable Internet Access over L2TP
1. Set Up the L2TP VPN Tunnel on the ZyWALL/USG
In the ZyWALL/USG, go to CONFIGURATION > Quick Setup > VPN Setup Wizard and use the VPN Settings for L2TP VPN Settings wizard to create an L2TP VPN rule that can be used with the remote Android mobile devices. Click Next.
Quick Setup > VPN Setup Wizard > Welcome
Then, configure the Rule Name and set My Address to be the wan1 interface which is connected to the Internet. Type a secure Pre-Shared Key (8-32 characters).
Quick Setup > VPN Setup Wizard > Welcome > VPN Settings
Assign the remote users an IP address range from 192.168.10.10 to 192.168.10.20 for use in the L2TP VPN tunnel, and check Allow L2TP traffic Through WAN to allow traffic from L2TP clients to go to the Internet. Click Next.
Quick Setup > VPN Setup Wizard > Welcome > VPN Settings (L2TP VPN Settings)
This screen provides a read-only summary of the VPN tunnel. Click Save.
Quick Setup > VPN Setup Wizard > Welcome > VPN Settings (Summary)
Now the rule is configured on the ZyWALL/USG. The rule settings appear in the VPN > L2TP VPN screen. Click Close to exit the wizard.
Quick Setup > VPN Setup Wizard > Welcome > VPN Settings > Wizard Completed
2. Assign specific users to use L2TP VPN
Go to CONFIGURATION > VPN > L2TP VPN > Create new Object > User to add a User Name and Password (4-24 characters). Then, set Allowed User to the newly created object (L2TP_Remote_Users/zyx168 in this example).
CONFIGURATION > VPN > L2TP VPN > Create new Object > User
3. Enable Internet Access over L2TP
If some of the traffic from the L2TP clients needs to go to the Internet, create a policy route to send traffic from the L2TP tunnels out through a WAN trunk. Set Incoming to Tunnel and select your L2TP VPN connection. Set the Source Address to be the L2TP address pool. Set the Next-Hop Type to Trunk and select the appropriate WAN trunk.
CONFIGURATION > Network > Routing > Policy Route