What are good L2TP VPN firewalls for Mac OS X?

Hi Experts,

Do you know what VPN-firewalls/routers work well with Mac OS X (verified as working well)?
I want to set up a VPN router (for a client) that supports L2TP, and we want VPN authentication on the firewall. The Zyxel Zywall USG 100 looks fine, but according to info I found -and answers I got from Zyxel support- there are issues with this particular model and Mac OS X clients.

So my questions are:
1. Do you have experience with the Zywall USG 100 and Mac OS X? If so, is the L2TP VPN connection stable?
2. What other brands/type firewalls would you recommend? It's for a small company, ±10 VPN users and must support L2TP on Mac OS X and iOS.
Mac2010 Asked:

BITS_LA Commented:
We have deployed countless Netgear models in both Mac-only and mixed environments with great success. We also use Sonicwalls now and again, but for the money Netgear is great. I would not go with anything below the FVS338; the processor in the 318 is not the greatest and it has WAN capacity issues.

We have tested for the following:

FVS338 max WAN 15Mbps/12Mbps
FVX336G and the FVX538 max WAN 64Mbps/42Mbps

Don't buy the combo Wifi one.

We use VPNTracker for the VPN; there is also an open source program called IPSecuritas, I believe.

Do you have a server in house? There are some apps that can provide the L2TP if you don't have the server OS.
0
Mac2010 (Author) Commented:
Thanks! It looks like the Netgear devices you mention do not support L2TP (they support IPsec and SSL VPN). What SonicWall device have you been using? In this situation money is less of an issue than security. That's why I prefer authentication on the firewall/router instead of on the Mac OS X server.
0
md624 Commented:
Cisco's ASA 5505 is great. Cisco's VPN protocols are directly integrated into both Mac OS X and iOS.
0
Mac2010 (Author) Commented:
Do you know if the Cisco and Netgear devices support clients (like teleworkers) who reside behind a public IP address (home, hotel, small business) and use a private IP address? I.e., the router has a public IP address (like 81.82.3.4) and shares this address (NAT) with computers using a private address (like 192.168.1.X).

The Zyxel firewall has a problem with that. I haven't figured out yet if that is to blame on the Zyxel firmware, or on L2TP.

Sorry for the 'newbie' questions. So far NAT and certificates work fine for me, but now I need to get into the VPN stuff more in-depth than I have until now...
0
md624 Commented:
The Cisco ASA supports NAT traversal. I do not have any experience with Zyxel.
0
md624 Commented:
Also, if you purchase a support contract with your Cisco device, you will get excellent 24-hour support from Cisco.
0
Mac2010 (Author) Commented:
Thanks. I will look into this tomorrow. Do you have experience with SSL VPN? It looks interesting but I wonder how stable the Java applets work.
0
md624 Commented:
The AnyConnect VPN client from Cisco is stable on all platforms we've tried to use it on, primarily 10.5 and 10.6.
0
Mac2010 (Author) Commented:
I checked the routers. The Cisco is the best replacement for the Zyxel I originally had in mind. The Netgear device I'll keep in mind for another job.
As far as I can tell you need IPSec with NAT traversal instead of L2TP. Thanks for helping me out.
0