ZyXEL Communications ZyWALL 1050 Release Note page 34

www.zyxel.com
c. Do not check NAT loopback＇
d. Reboot, startup config will fail.
27. [BUG FIX] SPR ID: 071024406
Symptom:
SSLVPN 50 concurrent users failed
Condition:
1. When establishing 49 concurrent users (sometimes 48 users) after a while, all connections
suddenly broken.
2. SSLVPN 50 concurrent users failed.
3. Hence, SPR "070719013" could be verified
28. [BUG FIX] SPR ID: 071205228
Symptom:
The UDP length of NAT-T traffic is incorrect
Condition:
PC1 ＜=＞ zw2+ ＜=＞ NAT Router ＜=＞ zw1050 ＜=＞ PC2
1. zw2+ builds an IPsec tunnel with zw1050 and enables NATT
2. PC1 sends traffic to PC2
3. The UDP length of ESP traffic is always 48 bytes.
If the NAT router is able to check this field, the traffic will always be dropped.
29. [BUG FIX] SPR ID: 080114608
Symptom:
The phase-1 lifetime is equal to the value of phase-2 lifetime; it will have failure
negotiation of phase-2
Condition:
1. Setup a dynamic tunnel on zw1050(or usg), make phase-1 and phase-2 lifetime is the
same. Try to setup simulated Internet too. (Dropping and delaying for
incoming/outgoing IKE packet)
2. Setup a peer gateway (the lifetime is equal to zw1050 or usg)
and establish the tunnel (nail-up).
3. Monitor the tunnel by using Alchemy Eye and collect logs
it is possible to have phase-2 negotiation failed due to phase-1 SA timeout.
30. [BUG FIX] SPR ID: 070717928
Symptom:
Device will crash while dial IPSec Tunnel.
Condition:
ZW-A ＜--＞ NAT ＜--＞ ZW-B
1. ZW-A is behind NAT
2. Configure ZW-A and ZW-B to transport Mode with NATT enabled
34/142