ZyXEL Communications ZyWALL 1050 Release Note page 106

www.zyxel.com
7. Suggest keepalived send all IP's gratuitous ARP including alias IP.
6. [BUG FIX] 060907317
Symptom:
When user configures IPSec VPN on master device and establishes tunnels with
remote ZW1050 gateway, once master device goes down remote security gateway
cannot dynamically rebuild tunnels with backup device.
Condition:
---ZW1050(master)---+L3 switch-----------Remote ZW1050
---ZW1050(slave)-----|
1. ZW1050 (master) LAN IP = 192.168.1.1, WAN1 IP = 10.0.0.1
2. ZW1050 (slave) LAN IP = 192.168.1.1, WAN1 IP = 10.0.0.1, VRRP manage IP
on LAN = 192.168.1.2, VRRP manage IP on WAN1 = 10.0.0.2
3. Create 1 dynamic rule for ZW1050 (master) , ZW1050 (slave)
4. Create 100 IPSec rules with one IKE for Remote ZW1050
5. Initiate from Remote ZW1050 LAN side by Smartbit and the total traffic is
45Mbps.
6. At beginning, the 100 IPSec tunnels were built between Master and Remote
ZW1050.
7. Power off ZW1050 (master), and the slave become master. After 8 minutes, the
Remote ZW1050 sent DPD check to ZW1050 (slave) and the ZW1050 return ack
to Remote ZW1050.
8. The 100 IPsec tunnels can't be triggered again because remote zw1050 still keep
100 tunnels alive.
9. After a night, the 100 IPSec tunnels still couldn't be rebuilt successfully.
7. [BUG FIX] 060904101
Symptom:
ZW1050 will crash if using CA for IKE but no certificate in Trust CA.
Condition:
ZW_A ＜＜ IPSEC ＞＞ ZW_B
ZW_A Setting:
IKE using Cer_A
My Certificates: Cer_A
Trusted Certificate: Cer_B
ZW_B Setting:
IKE using Cer_B
My Certificates: Cer_B
Trusted Certificate: Cer_A
1. ZW_A initiates IPSEC Tunnel successfully.
2. ZW_A deletes Tunnel.
3. ZW_A deletes Trusted Certificate Cer_B.
4. ZW_A initiates IPSEC Tunnel again.
5. ZW_A crashes.
8. [BUG FIX] 060825495
Symptom:
106/142