ZyXEL Communications ZYWALL USG 1000 - EDITION 2 Manual page 897

Unified security gateway

Make sure you have the FTP ALG enabled.
The ZyWALL keeps resetting the connection.
If an alternate gateway on the LAN has an IP address in the same subnet as the
ZyWALL's LAN IP address, return traffic may not go through the ZyWALL. This is
called an asymmetrical or "triangle" route. This causes the ZyWALL to reset the
connection, as the connection has not been acknowledged.
You can set the ZyWALL's firewall to permit the use of asymmetrical route
topology on the network (so it does not reset the connection) although this is not
recommended since allowing asymmetrical routes may let traffic from the WAN go
directly to the LAN without passing through the ZyWALL. A better solution is to
use virtual interfaces to put the ZyWALL and the backup gateway on separate
subnets. See Asymmetrical Routes on page 433 and the chapter about interfaces
for more information.

I cannot set up an IPSec VPN tunnel to another device.
If the IPSec tunnel does not build properly, the problem is likely a configuration
error at one of the IPSec routers. Log into both ZyXEL IPSec routers and check the
settings in each field methodically and slowly. Make sure both the ZyWALL and
remote IPSec router have the same security settings for the VPN tunnel. It may
help to display the settings for both routers side-by-side.
Here are some general suggestions. See also Chapter 25 on page 443.
• The system log can often help to identify a configuration problem.
• If you enable NAT traversal, the remote IPSec device must also have NAT
traversal enabled.
• The ZyWALL and remote IPSec router must use the same authentication method
to establish the IKE SA.
• Both routers must use the same negotiation mode.
• Both routers must use the same encryption algorithm, authentication algorithm,
and DH key group.
• When using manual keys, the ZyWALL and remote IPSec router must use the
same encryption key and authentication key.
• When using pre-shared keys, the ZyWALL and the remote IPSec router must
use the same pre-shared key.
• The ZyWALL's local and peer ID type and content must match the remote IPSec
router's peer and local ID type and content, respectively.

Chapter 56 Troubleshooting
ZyWALL USG 1000 User's Guide
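
The matching rules in the IPSec list above can be checked mechanically once both routers' settings are written down side by side. The following Python code is an added example, not part of the ZyXEL manual; the field names and sample values are hypothetical and constructed for illustration.

```python
import hmac

# Hypothetical field names for this example; they are not ZyWALL configuration keys.
MUST_MATCH = ("auth_method", "negotiation_mode", "encryption", "authentication", "dh_group")
SECRETS = ("pre_shared_key", "encryption_key", "authentication_key")

def find_mismatches(a, b):
    """Compare two routers' tunnel settings; return one line per mismatch."""
    issues = []
    for field in MUST_MATCH:
        if a.get(field) != b.get(field):
            issues.append(f"{field}: {a.get(field)!r} vs {b.get(field)!r}")
    # NAT traversal has to be enabled on both devices or on neither.
    if bool(a.get("nat_traversal")) != bool(b.get("nat_traversal")):
        issues.append("nat_traversal: enabled on only one side")
    # Keys are checked only when configured; their values never go into the report.
    for field in SECRETS:
        ka, kb = a.get(field), b.get(field)
        if ka is None and kb is None:
            continue
        if ka is None or kb is None or not hmac.compare_digest(ka.encode(), kb.encode()):
            issues.append(f"{field}: differs (value not shown)")
    # IDs are crossed: one side's local ID is the other side's peer ID.
    for mine, theirs in (("local_id", "peer_id"), ("peer_id", "local_id")):
        if a.get(mine) != b.get(theirs):
            issues.append(f"{mine} {a.get(mine)!r} vs remote {theirs} {b.get(theirs)!r}")
    return issues

# Constructed sample settings (not taken from the manual or from a real device).
ZYWALL = {
    "auth_method": "pre-shared key", "negotiation_mode": "main",
    "encryption": "AES256", "authentication": "SHA256", "dh_group": "DH14",
    "nat_traversal": True, "pre_shared_key": "example-key-1",
    "local_id": ("DNS", "hq.example.com"), "peer_id": ("DNS", "branch.example.com"),
}
REMOTE = dict(ZYWALL, negotiation_mode="aggressive", nat_traversal=False,
              pre_shared_key="example-key-2",
              local_id=("IP", "0.0.0.0"), peer_id=("DNS", "hq.example.com"))

if __name__ == "__main__":
    for line in find_mismatches(ZYWALL, REMOTE):
        print("MISMATCH", line)
```

The report names which secret differs without printing it, so the output can be pasted into a ticket or shared with the remote administrator.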


This manual is also suitable for:

Zywall 1050
