Table of Contents
Advertisement
www.zyxel.com
What Could Go Wrong?
If you see [info] or [error] log message such as below, please check ZyWALL/USG
Phase 1 Settings. All ZyWALL/USG units must use the same Pre-Shared Key,
Encryption, Authentication method, DH key group and ID Type to establish the
IKE SA.
If you see that Phase 1 IKE SA process done but still get [info] log message as
below, please check ZyWALL/USG Phase 2 Settings. All ZyWALL/USG units must
use the same Protocol, Encapsulation, Encryption, Authentication method and
PFS to establish the IKE SA.
Make sure the all ZyWALL/USG units' security policies allow IPSec VPN traffic. IKE
uses UDP port 500, AH uses IP protocol 51, and ESP uses IP protocol 50.
By default, NAT traversal is enabled on ZyWALL/USG, so please make sure the
remote IPSec device also has NAT traversal enabled.
159/810
Advertisement
Table of Contents
