Sometimes it is necessary to place your USG behind a NAT router while you still want to build a VPN tunnel to the USG. This tutorial shows how to configure this feature in no time!
Walkthrough Steps
- Click on Quick setup > VPN Setup > VPN Settings for L2TP and click "Next"
- Enter a preshared key and click "Next"
- Enter an IP-address pool for clients connecting with L2TP, click "Next" and click "Close"
- Go to Object > User > Add. Enter a username and password
- Go to Object > Group > Add. Create a group for L2TP and add all your L2TP users
- Go to VPN > L2TP VPN. Enable L2TP over IPSec and select the user group you created above under the Allowed User option
- Go to VPN > IPSec VPN > VPN connection > click edit on the newly created connection
- In the left corner of the opened tab, click on Create New object > IPv4 address
- Create a Host object with your network's true WAN IP address (not the WAN IP of the USG itself, but that of the NAT router in front of it!)
- Select the newly created object as the Local Policy
- Go to Network > NAT > Add
- Select 1:1 NAT and enter the (public) WAN IP as the user-defined Original IP
- Enter the (private) device WAN IP as the user-defined Mapped IP
- Go to Object > Service > Service Group and click Add
- Create a group and select the IKE/L2TP-UDP/NATT Service
- Go to Security Policy and click Add
- In the left corner of the opened tab, click on Create New object > Address
- Create a Host object with your local device IP address
- Under Destination, select the newly created object (local device IP address)
- Under Service, select the service group created above (IKE/L2TP-UDP/NATT) and click OK
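Why the NATT service belongs in the service group above, as an added example (not part of the original tutorial and not Zyxel code): with the USG behind a NAT router, the peers detect the address translation through the NAT-D hash of RFC 3947 and move IKE from UDP 500 to UDP 4500. The IP addresses and cookies are constructed sample values.

```python
import hashlib
import socket
import struct

# Standard UDP ports behind the IKE / NATT / L2TP-UDP services named above.
SERVICE_PORTS = {"IKE": 500, "NATT": 4500, "L2TP-UDP": 1701}

def nat_d_hash(cky_i, cky_r, ip, port, alg="sha1"):
    """RFC 3947 section 3.2: HASH(CKY-I | CKY-R | IP | Port)."""
    if len(cky_i) != 8 or len(cky_r) != 8:
        raise ValueError("IKE cookies are 8 bytes each")
    data = cky_i + cky_r + socket.inet_aton(ip) + struct.pack("!H", port)
    return hashlib.new(alg, data).digest()

def nat_in_path(received, cky_i, cky_r, local_ip, local_port, alg="sha1"):
    """True when the peer hashed an address other than the one we hold."""
    return received != nat_d_hash(cky_i, cky_r, local_ip, local_port, alg)

def ike_port_after_detection(nat_detected):
    """RFC 3947 section 4: peers float to UDP 4500 once a NAT is detected."""
    return SERVICE_PORTS["NATT"] if nat_detected else SERVICE_PORTS["IKE"]

def usg_behind_nat_demo():
    # Constructed sample values (documentation address range, made-up cookies).
    cky_i = bytes.fromhex("0102030405060708")
    cky_r = bytes.fromhex("1112131415161718")
    public_wan_ip = "203.0.113.10"   # NAT router WAN IP, the 1:1 NAT Original IP
    usg_wan_ip = "192.168.1.2"       # USG private WAN IP, the 1:1 NAT Mapped IP
    # The client hashes the destination it dialled: the public WAN IP.
    dest_nat_d = nat_d_hash(cky_i, cky_r, public_wan_ip, SERVICE_PORTS["IKE"])
    # The USG compares that hash against its own interface address.
    behind_nat = nat_in_path(dest_nat_d, cky_i, cky_r, usg_wan_ip, 500)
    direct = nat_in_path(dest_nat_d, cky_i, cky_r, public_wan_ip, 500)
    return behind_nat, ike_port_after_detection(behind_nat), direct

if __name__ == "__main__":
    print(usg_behind_nat_demo())
```

If the security policy or the NAT router passes only UDP 500, the first IKE messages succeed and the negotiation then stalls when the peers switch to UDP 4500.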
Also interesting:
Do you want to have a look directly at one of our test devices? Have a look here in our virtual lab:
Virtual Lab - End-to-Site VPN (L2TP)
KB-00035