One should simply have to port forward the incoming VPN port to the zyxel router from the MT. Thus the incoming handshake goes to the zyxel device.
Hi,
Ok I know that a port forward should work, maybe I am only applying bad rules so I copy the created rules please have a look at them.
Following rules were created and are not working (192.168.12.233 is the zyxel) :
/ip firewall nat
add action=dst-nat chain=dstnat dst-address=45.130.250.250 dst-port=1701 protocol=tcp to-addresses=192.168.12.233 to-ports=1701
add action=dst-nat chain=dstnat dst-address=45.130.250.250 dst-port=1701 protocol=udp to-addresses=192.168.12.233 to-ports=1701
add action=dst-nat chain=dstnat dst-address=45.130.250.250 dst-port=500 protocol=udp to-addresses=192.168.12.233 to-ports=500
add action=dst-nat chain=dstnat dst-address=45.130.250.250 dst-port=4500 protocol=udp to-addresses=192.168.12.233 to-ports=4500
add action=dst-nat chain=dstnat dst-address=45.130.250.250 dst-port=5500 protocol=udp to-addresses=192.168.12.233 to-ports=5500
add action=dst-nat chain=dstnat dst-address=45.130.250.250 protocol=ipsec-esp to-addresses=192.168.12.233
add action=dst-nat chain=dstnat dst-address=45.130.250.250 protocol=ipsec-ah to-addresses=192.168.12.233
add action=dst-nat chain=dstnat dst-address=45.130.250.250 protocol=gre to-addresses=192.168.12.233
add action=dst-nat chain=dstnat dst-address=45.130.250.250 protocol=l2tp to-addresses=192.168.12.233
add action=masquerade chain=srcnat out-interface=Internet src-address=192.168.12.0/24
add action=masquerade chain=srcnat src-address=192.168.30.10
Mihawk95