ZyXEL Communications VPN Series Handbook page 412


MONITOR > Log
3. Make sure the security policies on both the HQ and Branch ZyWALL/USG allow IPSec VPN traffic. IKE uses UDP port 500, AH uses IP protocol 51, and ESP uses IP protocol 50.
4. NAT traversal is enabled by default on the ZyWALL/USG. Make sure the remote IPSec device also has NAT traversal enabled.
5. Make sure both the HQ and Branch ZyWALL/USG use static IP addresses, because the VPN Tunnel Interface does not support dynamic peers.
6. Make sure policy routes are configured to control traffic between the HQ and Branch subnets through the VTI.
7. Make sure the IP address of the VTI at the Branch is in the same subnet as vti1 on HQ. For example, if the IP address and subnet mask of vti1 on HQ are 10.10.10.10 and 255.255.255.0 respectively, the IP address of vti1 on the Branch must be in the subnet of 10.10.10.0/24; if the IP address and subnet mask of vti2 on HQ are 10.10.11.10 and 255.255.255.0 respectively, the IP address of vti2 on the Branch must be in the subnet of 10.10.10.0/24, and so on.
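The checks in steps 3 and 7 can be run offline against exported settings before touching either device. The following Python sketch is an added example, not ZyXEL code: the rule tuples are a simplified, hypothetical model rather than ZyWALL syntax, the function names are made up here, and the NAT-T port (UDP 4500) is the standard value rather than one stated on this page.

```python
import ipaddress

# Traffic the handbook says the security policy must allow. NAT-T's UDP 4500
# is not stated on the page; it is the standard port (RFC 3948).
REQUIRED = {"IKE": ("udp", 500), "NAT-T": ("udp", 4500),
            "ESP": ("ip", 50), "AH": ("ip", 51)}

def blocked_ipsec_traffic(rules):
    """Return names of required IPSec traffic a rule list would not allow.

    rules is an ordered list of (action, kind, number) tuples in a simplified,
    hypothetical model (not ZyWALL syntax): kind is "udp" (number = port),
    "ip" (number = protocol) or "any". First match wins; no match means deny.
    """
    blocked = []
    for name, (kind, number) in REQUIRED.items():
        action = "deny"
        for r_action, r_kind, r_number in rules:
            if r_kind == "any" or (r_kind == kind and r_number == number):
                action = r_action
                break
        if action != "allow":
            blocked.append(name)
    return blocked

def check_vti_pair(hq_ip, hq_mask, branch_ip, branch_mask):
    """Return a list of problems with one HQ/Branch VTI pair (empty = OK)."""
    hq = ipaddress.ip_interface(f"{hq_ip}/{hq_mask}")
    br = ipaddress.ip_interface(f"{branch_ip}/{branch_mask}")
    problems = []
    if br.ip not in hq.network:
        problems.append(f"Branch {br.ip} is outside HQ subnet {hq.network}")
    elif br.network != hq.network:
        problems.append(f"mask mismatch: {hq.network} vs {br.network}")
    if br.ip == hq.ip:
        problems.append(f"both ends use {hq.ip}")
    for side, iface in (("HQ", hq), ("Branch", br)):
        net = iface.network
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{side} {iface.ip} is a network/broadcast address")
    return problems

if __name__ == "__main__":
    # Constructed policy: allows IKE and ESP, then denies everything else.
    policy = [("allow", "udp", 500), ("allow", "ip", 50), ("deny", "any", None)]
    print(blocked_ipsec_traffic(policy))
    # HQ vti1 values are from the handbook; the Branch addresses are constructed.
    print(check_vti_pair("10.10.10.10", "255.255.255.0", "10.10.10.11", "255.255.255.0"))
    print(check_vti_pair("10.10.10.10", "255.255.255.0", "10.10.11.11", "255.255.255.0"))
```

An empty list from either function means that check passed; anything else names the traffic type or VTI address that needs correcting.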
www.zyxel.com
412/810
