Chapter 49 Troubleshooting
•If you have the ZyWALL and remote IPSec router use certificates to authenticate each other, make sure they trust each other’s certificates. If the ZyWALL’s certificate is self- signed, import it into the remote IPsec router. If it is signed by a CA, make sure the remote IPsec router trusts that CA. The ZyWALL uses one of its Trusted Certificates to authenticate the remote IPSec router’s certificate. The trusted certificate can be the remote IPSec router’s
I cannot set up an L2TP VPN tunnel.
1Make sure you have configured L2TP correctly on the remote user computers. See Section 26.6 on page 419 for examples.
2Make sure you configured an appropriate policy route on the ZyWALL.
3Make sure there is not a firewall or NAT router between the ZyWALL and the remote users.
4Make sure the remote users are using public IP addresses.
The VPN connection is up but VPN traffic cannot be transmitted through the VPN tunnel.
Routing policies define how the ZyWALL forwards packets to their destinations. You must create a policy route for the ZyWALL to route VPN traffic through a VPN tunnel to the remote network.
The VPN wizard automatically creates a corresponding policy route. If you use the VPN > IPSec VPN or VPN > L2TP VPN screens to set up a VPN tunnel, you need to manually configure a policy route for the VPN tunnel.
I cannot download the ZyWALL’s firmware package.
The ZyWALL’s firmware package cannot go through the ZyWALL when you enable the anti- virus Destroy compressed files that could not be decompressed option. The ZyWALL classifies the firmware package as not being able to be decompressed and deletes it.
You can upload the firmware package to the ZyWALL with the option enabled, so you only need to clear the Destroy compressed files that could not be decompressed option while you download the firmware package. See Section 28.2.1 on page 473 for more on the anti- virus Destroy compressed files that could not be decompressed option.
746 |
| |
ZyWALL USG 100/200 Series User’s Guide |
| |
|
|
|