ZyXEL Communications ZyWALL USG 200 Series User Manual page 913

Unified security gateway

• If you set up a VPN tunnel across the Internet, make sure your ISP supports AH
or ESP (whichever you are using).
• If you have the ZyWALL and remote IPSec router use certificates to authenticate
each other, you must set up the certificates for the ZyWALL and remote IPSec
router first and make sure they trust each other's certificates. If the ZyWALL's
certificate is self-signed, import it into the remote IPSec router. If it is signed by
a CA, make sure the remote IPSec router trusts that CA. The ZyWALL uses one
of its Trusted Certificates to authenticate the remote IPSec router's
certificate. The trusted certificate can be the remote IPSec router's self-signed
certificate or that of a trusted CA that signed the remote IPSec router's
certificate.
• Multiple SAs connecting through a secure gateway must have the same
negotiation mode.
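
The two trust cases in the certificate item above (a self-signed peer certificate imported directly, or a peer certificate signed by a trusted CA) can be checked off the device before changing any settings. This is an added example, not part of the manual; it assumes OpenSSL 1.1.0 or later and certificates exported as PEM files, and all file and subject names in it are constructed.

```shell
#!/bin/sh
# Added example, not from the manual. Assumes OpenSSL 1.1.0+ and PEM files;
# every file name and subject name here is constructed.

# chains_to TRUSTED_PEM CERT_PEM: succeeds only if CERT_PEM verifies against
# TRUSTED_PEM alone (-no-CApath keeps the system CA directory out of it).
chains_to() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# check_peer TRUSTED_PEM PEER_PEM: prints which trust case applies, or what
# must be imported before certificate authentication can succeed.
check_peer() {
    if chains_to "$2" "$2"; then kind="self-signed"; else kind="CA-signed"; fi
    if chains_to "$1" "$2"; then
        echo "trusted ($kind)"
    elif [ "$kind" = "self-signed" ]; then
        echo "untrusted: import the peer's self-signed certificate"
    else
        echo "untrusted: import the issuing CA's certificate"
    fi
}

# make_samples DIR: constructed test material: a CA, router A's certificate
# signed by that CA, and router B's self-signed certificate.
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=remote-router-a" \
        -keyout "$d/a.key" -out "$d/a.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/a.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/a.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=remote-router-b" \
        -keyout "$d/b.key" -out "$d/b.pem" 2>/dev/null
}

dir=$(mktemp -d)
make_samples "$dir"
cat "$dir/ca.pem" "$dir/b.pem" > "$dir/trusted.pem"  # trusted list: CA + B
check_peer "$dir/trusted.pem" "$dir/a.pem"  # A is signed by the trusted CA
check_peer "$dir/trusted.pem" "$dir/b.pem"  # B's own certificate is imported
check_peer "$dir/ca.pem" "$dir/b.pem"       # B not imported yet
check_peer "$dir/b.pem" "$dir/a.pem"        # A's CA not trusted yet
```

Run the same check from each side's point of view, since both routers must trust the other's certificate.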

I cannot set up an L2TP VPN tunnel.
• Make sure you have configured L2TP correctly on the remote user computers.
See Section 8.5 on page 189 for examples.
• Make sure you configured an appropriate policy route on the ZyWALL.
• Make sure there is not a firewall between the ZyWALL and the remote users.
• If it is possible that the remote user's public IP address could be in the same
subnet as the specified My Address, click Configure > Network > Routing >
Policy Route > Show Advanced Settings and select Use Policy Route to
Override Direct Route.
• Modifying the VPN connection or the VPN gateway that L2TP uses disconnects
any existing L2TP VPN sessions. Disconnect any existing L2TP VPN sessions
before modifying L2TP VPN settings. The remote users must make any needed
matching configuration changes and re-establish the sessions using the new
settings.

I cannot get my VPN concentrator configuration to work.
• Turn off policy enforcement in the member VPN connections.
• Make sure your firewall rules are not blocking the VPN packets.
• If the USG ZyWALLs' VPN tunnels are members of a single zone, make sure it is
not set to block intra-zone traffic.

The VPN connection is up but VPN traffic cannot be transmitted through the VPN tunnel.
ZyWALL USG 100/200 Series User's Guide
Chapter 56 Troubleshooting
