7800DX IPSEC/L2TP Passthrough Issues

ptrimble
Posts: 1
Joined: Mon Oct 24, 2016 11:54 pm

Post by ptrimble » Tue Oct 25, 2016 10:25 pm

Wondering if anyone can help. Like many, I have a conceptual understanding of FW routing, but truth is I probably don't truly get it, which is why when the out of the box fails me I get into trouble :-) So I have done my best to break down what I have tested to help isolate.

All literature suggested the 7800DX supports IPSEC/L2TP pass-through; however, we can’t get the Billion 7800DX to pass through L2TP to the Windows servers.

Test setup is
- PC - Windows 10 Pro workstation with Standard Windows VPN Client using L2TP with custom Pre-shared Key
- Server - Server Windows 2012 R2 with standard RRAS: L2TP with pre-shared key
- Billion 7800DX Firmware 2.32e
- All tests performed after factory reset

Testing
Direct Test: PC > LAN > Server : PASS

Route Only Test : PC > eWAN on Billion > Server : PASS
- WAN FW and NAT disabled

Firewall/Port Forward : PC > eWAN on Billion > WAN IP : FAIL
- WAN FW and NAT enabled
- NAT to Server (UDP 500, UDP 1701, ESP, UDP 4500)

IPSEC Nat Traversal Enabled : Firewall/Port Forward : PC > eWAN on Billion > WAN IP : FAIL
- WAN FW and NAT enabled
- NAT to Server (UDP 500, UDP 1701, ESP, UDP 4500)
- VPN IPSec Nat Traversal Enabled

IPSEC Nat Traversal Disabled : Firewall/Port Forward : PC > eWAN on Billion > WAN IP : FAIL
- WAN FW and NAT enabled
- NAT to Server (UDP 500, UDP 1701, ESP, UDP 4500)
- VPN IPSec Nat Traversal Enabled

ALG IPSec Disabled : Firewall/Port Forward : PC > eWAN on Billion > WAN IP : FAIL
- WAN FW and NAT enabled
- NAT to Server (UDP 500, UDP 1701, ESP, UDP 4500)
- VPN IPSec Nat Traversal Disabled
- ALG IPSec Disabled

DMZ Host : Set to Server : FAIL

One-One-Nat to Server
- PPTP : PASS
- L2TP : FAIL

billion_fan
Posts: 5203
Joined: Tue Jul 19, 2011 4:30 pm

Re: 7800DX IPSEC/L2TP Passthrough Issues

Post by billion_fan » Wed Oct 26, 2016 10:15 am

Can you submit a ticket on the following link: http://www.billion.uk.com/esupport/inde ... ets/Submit

Also provide us with your network topology, e.g. Win 10 Client >>> Internet (IPsec/L2TP) >>> Billion >>> Win Server

Also provide us with a screen capture of the virtual server rules you have added, and what WAN interface you are using, e.g. ADSL, VDSL via EWAN, etc.
