I have an office LAN protected using a Zyxel Zywall USG 300. I've set up an L2TP/ipsec VPN on that which accepts connections using a shared secret and I've tested this from multiple clients.

I have a server offsite and want to set up RRAS to use a persistent connection to the VPN so that it can carry out network jobs even with no one logged in (I'm using it for Micorosft DPM secondary backup).

If I create a vpn as if I were setting up a users laptop it can dial in no problem but if I set up a demand dial interface in RRAS it errors.

• I enable RRAS ticking only demand dial interface (branch office routing)
• Select network interfaces, right click and choose new demand dial interface
• Name the VPN ToCompany
• Select connect using VPN
• And then L2TP as the vpn type
• enter the IP address (double-checked for typos!)
• select Route IP packets on this interface
• specify static route to remote network as 10.0.0.0/24 with metric of 1
• add dial out credentials (again double checked for typos and confirmed with other vpn connections
• click finish
• now I right-click on the new interface and choose properties and then the security tab
• I change Data encryption to optional
• select only PAP for Authentication (both as per manufacturer of Zywall)
• click advanced settings against type of vpn and set shared secret
• then I select the new interface, right-click and choose connect

this dials and then errors with either 720 or 811 as the error codes. However, if I create a VPN by going to Network & Sharing center and setting up as if I was creating a VPN from my laptop to the office (say) it dials successfully

so I know the VPN settings are correct and the machine can connect to the VPN.

Suggests very strongly the problem is how I'm setting up RRAS. Can anyone help?