Hi,
I have a problem with the L2TP configuration on a USG40.
SCENARIO:
WAN provider router (192.168.1.254) - port forwarding 500/4500/1701 to 192.168.1.1
WAN-IF USG: 192.168.1.1
I'm using a client Windows 10 Pro
The wizard configuration works fine in other situations, where I have a static public IP on the WAN interface.
In this case (behind NAT) I always get the same error in the IKE log (attached image).
I think the problem is due to the local policy parameter:
- By default this field is set to "ip interface (WAN 192.168.1.1)", but it doesn't work (I get a LOCAL POLICY MISMATCH error in the IKE log)
- If I try to set the local policy as HOST (0.0.0.0), I get the attached error (SA NO PROPOSAL CHOSEN)
- I tried the same configuration with a true public IP address on the WAN interface and everything works fine
So the question is: how does L2TP over IPSEC work behind a NAT?
Thanks for your help!
Davide