Re: L2TP and NAT

#48080

14:51:27 INFO: IPsec-SA established: ESP/Transport 80.80.YYY.YYY[16553]->192.168.XXX.XXX[4500] spi=102415966(0x61abe5e)
14:51:27 INFO: IPsec-SA established: ESP/Transport 192.168.XXX.XXX[4500]->80.80.YYY.YYY[16553] spi=10807808(0xa4ea00)
14:51:27 ERROR: such policy does not already exist: “80.80.YYY.YYY/32[16553] ZZZ.ZZZ.ZZZ.ZZZ/32[1701] proto=udp dir=in”
14:51:27 ERROR: such policy does not already exist: “ZZZ.ZZZ.ZZZ.ZZZ/32[1701] 80.80.YYY.YYY/32[16553] proto=udp dir=out”

You can’t run L2TP with NAT on your router.

It looks like you have Computer1 with a private IP address behind a NAT'd router trying to make an L2TP session with a Zeroshell box.
You will need to put your Computer1 in a DMZ so that it gets the public IP address needed to make the L2TP session work.

If it's the other way around, then you need to give your Zeroshell box a public IP address on the WAN interface or put it in a DMZ. Either way, L2TP is designed to work best with 2 public IP addresses: one on the calling station and one on the RAS.

If you want to test this without changing your configs, just dial up (analog phone line/56k modem) to the internet and connect to your Zeroshell box.
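The racoon excerpt at the top of this post carries the whole diagnosis: the IPsec SA comes up on UDP 4500 (NAT traversal), the remote peer arrives on a translated port, the local endpoint is a private address, and the udp/1701 policy the L2TP tunnel needs names a public address that no SA was built for. The following script is an added example, not code from the forum post or from Zeroshell: it parses log lines in that format and reports those NAT indicators. The addresses in the two embedded samples are constructed (RFC 5737 documentation ranges stand in for the redacted ones), and the private-address test is restricted to RFC 1918 space on purpose, because Python's `ipaddress.is_private` also flags the documentation ranges.

```python
"""Heuristic triage of racoon IKE/IPsec log lines for NAT between L2TP/IPsec peers.

Added example, not part of the original forum post or of Zeroshell. The log
format follows the racoon excerpt quoted in the post; the addresses below are
constructed (RFC 5737 documentation ranges stand in for the redacted ones).
"""
import ipaddress
import re
from typing import Dict, List

IKE_PORT = 500        # ISAKMP
NAT_T_PORT = 4500     # IKE/ESP after the NAT-T port float (RFC 3947/3948)
L2TP_PORT = 1701      # L2TP, carried inside the transport-mode SA

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

SA_RE = re.compile(
    r"IPsec-SA established: ESP/(?P<mode>\w+) "
    r"(?P<src>[\d.]+)\[(?P<sport>\d+)\]->(?P<dst>[\d.]+)\[(?P<dport>\d+)\]"
)
# racoon prints the policy selector in quotes; '.' absorbs either quote style.
POLICY_RE = re.compile(
    r"such policy does not already exist: .(?P<src>[\d.]+)/\d+\[(?P<sport>\d+)\] "
    r"(?P<dst>[\d.]+)/\d+\[(?P<dport>\d+)\] proto=(?P<proto>\w+) dir=(?P<dir>\w+)"
)

# Constructed sample mirroring the post: the client's public address arrives on a
# translated port, the Zeroshell box negotiates on its private WAN address, and
# the L2TP policy names the box's public address instead.
NAT_SAMPLE = """\
14:51:27 INFO: IPsec-SA established: ESP/Transport 203.0.113.10[16553]->192.168.1.5[4500] spi=102415966(0x61abe5e)
14:51:27 INFO: IPsec-SA established: ESP/Transport 192.168.1.5[4500]->203.0.113.10[16553] spi=10807808(0xa4ea00)
14:51:27 ERROR: such policy does not already exist: "203.0.113.10/32[16553] 198.51.100.7/32[1701] proto=udp dir=in"
14:51:27 ERROR: such policy does not already exist: "198.51.100.7/32[1701] 203.0.113.10/32[16553] proto=udp dir=out"
"""

# Constructed sample of the case the post recommends: two public addresses, no NAT.
CLEAN_SAMPLE = """\
14:52:00 INFO: IPsec-SA established: ESP/Transport 203.0.113.10[500]->198.51.100.7[500] spi=4097(0x1001)
14:52:00 INFO: IPsec-SA established: ESP/Transport 198.51.100.7[500]->203.0.113.10[500] spi=4098(0x1002)
"""


def is_rfc1918(addr: str) -> bool:
    """True only for RFC 1918 space (ipaddress.is_private would also match RFC 5737)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def parse_log(text: str) -> Dict[str, List[dict]]:
    """Split racoon output into established SAs and policy-mismatch errors."""
    sas, policies = [], []
    for line in text.splitlines():
        for regex, bucket in ((SA_RE, sas), (POLICY_RE, policies)):
            m = regex.search(line)
            if m:
                rec = m.groupdict()
                rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
                bucket.append(rec)
                break
    return {"sas": sas, "policies": policies}


def diagnose(text: str) -> dict:
    """Return the NAT indicators found in the log plus a one-line verdict."""
    parsed = parse_log(text)
    sas, policies = parsed["sas"], parsed["policies"]
    sa_addrs = {a for sa in sas for a in (sa["src"], sa["dst"])}
    sa_ports = {p for sa in sas for p in (sa["sport"], sa["dport"])}
    policy_addrs = {a for p in policies for a in (p["src"], p["dst"])}
    f = {
        # Port 4500 means the peers detected a NAT and switched to UDP encapsulation.
        "nat_traversal": NAT_T_PORT in sa_ports,
        # A peer port that is neither 500 nor 4500 was rewritten by a NAT on its side.
        "translated_ports": sorted(p for p in sa_ports if p not in (IKE_PORT, NAT_T_PORT)),
        # An RFC 1918 SA endpoint means this side negotiated from behind a NAT too.
        "private_sa_endpoints": sorted(a for a in sa_addrs if is_rfc1918(a)),
        # L2TP (udp/1701) policies the kernel could not match to an installed SA.
        "l2tp_policy_errors": sum(
            1 for p in policies if p["proto"] == "udp" and L2TP_PORT in (p["sport"], p["dport"])
        ),
        # Addresses in the failing policy that no SA was built for: the selector
        # names the public address while the SA was keyed on the private one.
        "policy_addrs_not_in_sa": sorted(policy_addrs - sa_addrs),
    }
    f["nat_between_peers"] = bool(
        f["translated_ports"] or f["private_sa_endpoints"] or f["policy_addrs_not_in_sa"]
    )
    f["verdict"] = (
        "NAT between the L2TP/IPsec peers: the SA endpoints and the L2TP policy disagree"
        if f["nat_between_peers"]
        else "no NAT indicators in the IPsec exchange"
    )
    return f


if __name__ == "__main__":
    for name, sample in (("nat", NAT_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(name, diagnose(sample))
```

Run it against a real racoon log (`diagnose(open("/var/log/racoon.log").read())`, path assumed) before moving a box into a DMZ: if `policy_addrs_not_in_sa` is empty and no endpoint is RFC 1918, the failure is something other than the address translation this post describes.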