50
Troubleshooting
This chapter offers some suggestions to solve problems you might encounter.
I cannot set up an IPSec VPN tunnel to another device.
If the IPSec tunnel does not build properly, the problem is likely a configuration error at one of the IPSec routers. Log into both ZyXEL IPSec routers and check the settings in each field methodically and slowly. It may help to display the settings for both routers
Here are some general suggestions. See also Section 20.2 on page 296.
•The system log can often help to identify a configuration problem.
•If the sites are/were previously connected using a leased line or ISDN router, physically disconnect these devices from the network before testing your new VPN connection. The old route may have been learnt by RIP and would take priority over the new VPN connection.
•To test whether or not a tunnel is working, ping from a computer at one site to a computer at the other.
Before doing so, ensure that both computers have Internet access (via the IPSec routers).
I cannot set up an L2TP VPN tunnel.
1Make sure you have configured L2TP correctly on the remote user computers. See Section 26.6 on page 355 for examples.
2Make sure you configured an appropriate policy route on the ZyWALL.
3Make sure there is not a firewall or NAT router between the ZyWALL and the remote users.
4Make sure the remote users are using public IP addresses.
The VPN connection is up but VPN traffic cannot be transmitted through the VPN tunnel.
| 651 |
ZyWALL USG 1000 User’s Guide | |
|
|