We have a problem at one of our partners. They have a system admin company who are doing their IT stuff; they bought a Zyxel firewall and want to connect with L2TP to their device, but the Zyxel is behind a MikroTik 960PGS router, and the MikroTik is doing the PPPoE connection and DHCP for the LAN. The PPPoE has a public IP address. If we create firewall accept rules and 1:1 NAT with the ports needed for L2TP with IPsec (1701, 500, 4500, 50, 51, 47, 5500), the connection still isn't working; it looks like the packets are stuck at the MikroTik.
The complete MT config would be required to ascertain the issues…
I'm assuming your actual public WAN IP information is not what you are using; if so, go back and edit your post and put in fake numbers for the WAN IP or gateway WAN IP info.
I attached the full config, hope you can open it, maybe you will find something. I’m clueless. The firewall filter accept rules were just attempts if maybe the problem lies there.
The router config can be a little bit confusing, that's true, and it is hard to explain every VLAN's and port's function.
VLAN1001 is from the ISP and has the PPPoE server in it.
VLAN5 is a management VLAN from the ISP.
VLAN3901 doesn't need to be mentioned right now; it does not have any function that could cause problems. It could even be disabled.
ETH3 is connected via a 5 GHz link to the customer LAN (ETH3 is in a bridge; it shouldn't be there now because it's alone in that bridge, but I don't think that is a problem). On this "bridge_pelpuszta" is the DHCP server that gives out addresses to LAN devices.
So VLAN1001 (PPPoE service VLAN) → PPPoE client → DHCP server on "bridge_pelpuszta" → LAN devices.
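Added example (not the poster's config and not taken from the attached file): a minimal RouterOS rule set for passing L2TP/IPsec from the PPPoE public IP through to a device on the LAN side, with a check to see whether packets actually hit the rules. It assumes the PPPoE client interface is named pppoe-out1 and the Zyxel's WAN address on the MikroTik LAN is 192.168.88.2; both are placeholders.

```routeros
# Added example, not from the original post. Placeholders:
#   pppoe-out1    = MikroTik PPPoE client interface holding the public IP
#   192.168.88.2  = the Zyxel's WAN address on the MikroTik LAN side
# L2TP/IPsec needs UDP 500 (IKE), UDP 4500 (NAT-T) and UDP 1701 (L2TP)
# plus IP protocol 50 (ESP). 50, 51 and 47 are IP protocol numbers, not
# ports, so they are matched with protocol=, never with dst-port=.
/ip firewall nat
add chain=dstnat in-interface=pppoe-out1 protocol=udp dst-port=500,4500,1701 \
    action=dst-nat to-addresses=192.168.88.2 comment="L2TP/IPsec -> Zyxel"
add chain=dstnat in-interface=pppoe-out1 protocol=ipsec-esp \
    action=dst-nat to-addresses=192.168.88.2 comment="ESP -> Zyxel"

# Forward chain: accept traffic that was dst-natted from the WAN. This rule
# must sit above any generic drop rule in the forward chain. No input-chain
# rule is needed, because dst-nat rewrites the destination in prerouting,
# before the router decides between input and forward.
/ip firewall filter
add chain=forward in-interface=pppoe-out1 connection-nat-state=dstnat \
    connection-state=new action=accept comment="allow dst-natted from WAN"

# Check while a remote client tries to connect: the packet counters on the
# two dst-nat rules should increase. If they stay at zero, the traffic is
# not reaching the PPPoE interface (or another dstnat rule matched first).
/ip firewall nat print stats where comment~"Zyxel"
```

If the MikroTik itself has an IPsec peer or L2TP server enabled on the same public address, dst-nat still wins because it runs before the input chain, but only one device can terminate the tunnel on that IP.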