ZyXEL Communications ZYWALL USG 2000 Support Notes page 207

ZyWALL USG 2000 Support Notes
G. VPN and Certificate
G01. Why can't the VPN connections dial to a remote gateway?
Please check the responder's logs whether the fail occurs in phase 1 or phase 2. If the phase 1
has failed, try to check the VPN gateway configuration, such as proposals or Local/Remote ID.
If the phase 2 has failed, try to check the VPN connection configuration, such as whether the
policy matches the one of the remote gateway.
G02. VPN connections are dialed successfully, but the traffic still cannot go
through the IPsec tunnel.
Check if there is a policy route that directs the traffic into the VPN connection. After the
policy route is set, if the traffic still goes through another route path, check the order of policy
routes.
G03. Why ZyWALL USG 2000 VPN tunnel had been configured correctly and the
VPN connection status is connected but the traffic still can not reach the remote
VPN subnet?
ZyWALL USG 2000 VPN traffic is the route base VPN, this means we need to configure a
policy route rule to guide the ZyWALL USG 2000 how to route the VPN traffic to the VPN
remote subnet. We can check if our VPN parameter setting is working by clicking connect
icon after VPN tunnel has configured in both gateway. The VPN connection status showed
below is connected.
We need a policy route to notify the ZyWALL USG 2000 send the packet to VPN tunnel
when the packet's destination address is VPN remote subnet. Please switch to ZyWALL USG
207
All contents copyright (c) 2008 ZyXEL Communications Corporation.