What Can Go Wrong - ZyXEL Communications ZyWALL 110 Handbook
Zywall/usg series security firewalls
Hide thumbs
Also See for ZyWALL 110:
- User manual (1090 pages) ,
- Handbook (749 pages) ,
- Handbook & instructions (255 pages)
Table of Contents
Advertisement
Figure 275 VPN > Monitor > IPsec Monitor
To test whether or not a tunnel is working, ping from a computer at one site to a computer at the
4
other. Ensure that both computers have Internet access (via the IPSec devices).
Figure 276 PC behind ZyWALL/USG > Window 7 > cmd > ping 192.168.2.33
Figure 277 PC behind FortiGate> Window 7 > cmd > ping 192.168.1.33
4.3.4 What Can Go Wrong?
If you see below [info] or [error] log message, please check ZyWALL/USG Phase 1 Settings. Both
1
ZyWALL/USG and FortiGate must use the same Pre-Shared Key, Encryption, Authentication
method, DH key group and ID Type to establish the IKE SA.
Figure 278 MONITOR > Log
If you see that Phase 1 IKE SA process done but still get below [info] log message, please check
2
ZyWALL/USG and FortiGate Phase 2 Settings. Both ZyWALL/USG and FortiGate must use the same
Protocol, Encapsulation, Encryption, Authentication method and PFS to establish the IKE SA.
Figure 279 MONITOR > Log
Make sure the both ZyWALL/USG and FortiGate security policies allow IPSec VPN traffic. IKE uses
3
UDP port 500, AH uses IP protocol 51, and ESP uses IP protocol 50.
Chapter 4 Create Site-to-Site VPN Tunnels
ZyWALL/USG Series User's Guide
124
Advertisement
Table of Contents
