What Can Go Wrong - ZyXEL Communications ZyWALL 110 Handbook
Zywall/usg series security firewalls
Hide thumbs
Also See for ZyWALL 110:
- User manual (1090 pages) ,
- Handbook (749 pages) ,
- Handbook & instructions (255 pages)
Table of Contents
Advertisement
Figure 464 Spoke_Branch_B > MONITOR > VPN Monitor > IPSec
4.9.8 What Can Go Wrong?
If you see [info] or [error] log message such as below, please check ZyWALL/USG Phase 1 Settings.
1
All ZyWALL/USG units must use the same Pre-Shared Key, Encryption, Authentication method, DH
key group and ID Type to establish the IKE SA.
Figure 465
If you see that Phase 1 IKE SA process done but still get [info] log message as below, please check
2
ZyWALL/USG Phase 2 Settings. All ZyWALL/USG units must use the same Protocol, Encapsulation,
Encryption, Authentication method and PFS to establish the IKE SA.
Figure 466
Make sure the all ZyWALL/USG units' security policies allow IPSec VPN traffic. IKE uses UDP port
3
500, AH uses IP protocol 51, and ESP uses IP protocol 50.
By default, NAT traversal is enabled on ZyWALL/USG, so please make sure the remote IPSec device
4
also has NAT traversal enabled.
Chapter 4 Create Site-to-Site VPN Tunnels
ZyWALL/USG Series User's Guide
199
Advertisement
Table of Contents
