Table of Contents
Advertisement
• You may need to configure the DDNS entry's IP Address setting to Auto if the interface has a
dynamic IP address or there are one or more NAT routers between the ISG50 and the DDNS
server.
• The ISG50 may not determine the proper IP address if there is an HTTP proxy server between the
ISG50 and the DDNS server.
I cannot create a second HTTP redirect rule for an incoming interface.
You can configure up to one HTTP redirect rule for each (incoming) interface.
The ISG50 keeps resetting the connection.
If an alternate gateway on the LAN has an IP address in the same subnet as the ISG50's LAN IP
address, return traffic may not go through the ISG50. This is called an asymmetrical or "triangle"
route. This causes the ISG50 to reset the connection, as the connection has not been
acknowledged.
You can set the ISG50's firewall to permit the use of asymmetrical route topology on the network
(so it does not reset the connection) although this is not recommended since allowing asymmetrical
routes may let traffic from the WAN go directly to the LAN without passing through the ISG50. A
better solution is to use virtual interfaces to put the ISG50 and the backup gateway on separate
subnets. See
information.
I cannot set up an IPSec VPN tunnel to another device.
If the IPSec tunnel does not build properly, the problem is likely a configuration error at one of the
IPSec routers. Log into both ZyXEL IPSec routers and check the settings in each field methodically
and slowly. Make sure both the ISG50 and remote IPSec router have the same security settings for
the VPN tunnel. It may help to display the settings for both routers side-by-side.
Here are some general suggestions. See also
• The system log can often help to identify a configuration problem.
• If you enable NAT traversal, the remote IPSec device must also have NAT traversal enabled.
• The ISG50 and remote IPSec router must use the same authentication method to establish the
IKE SA.
• Both routers must use the same negotiation mode.
• Both routers must use the same encryption algorithm, authentication algorithm, and DH key
group.
• When using manual keys, the ISG50 and remote IPSec router must use the same encryption key
and authentication key.
• When using pre-shared keys, the ISG50 and the remote IPSec router must use the same pre-
shared key.
ISG50 User's Guide
Asymmetrical Routes on page 360
and the chapter about interfaces for more
Chapter 24 on page
367.
Chapter 61 Troubleshooting
769
Advertisement
Table of Contents
Troubleshooting
