Using VPN with a draytek behind a zyxel firewall

Posted on 2015-01-18
Last Modified: 2015-01-29

i am trying to install a draytek device only for VPN behind a zyxell zywall usg200.
If i connect to the draytek from intenal lan i can access vpn and authenticate.
But if i connect from outside, i cant connect. So i think the Zyxell blocks it?

I inserted the following:

    incoming: any
    Source: NAT Internal IP
    Destination: NAT internal IP
    Service: GRE and pptp (1723)

    Interface: WAN2
    Original IP: NAT Internal IP
    Mapped IP: Draytek IP
    Port: PPTP (1723)
    Protokoll: TCP

Similar settings work fine with RDP or https. But i can´t access VPN. I deactivated everything of VPN i found in zywall.
Question by:loosain
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 94

Accepted Solution

John Hurst earned 500 total points
ID: 40556785
Did you try NAT Traversal on the Draytek?  You have created a double NAT type of situation.

Can you use the Draytek as firewall also and eliminate the other firewall (in other words, why so complicated?)

Author Closing Comment

ID: 40577159
Our customer wants it so. I have a new question started with a little more detailed information:

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question