Filter
Top Products
Chapter 44 Troubleshooting
ZyWALL 110/310/1100 Series User’s Guide
532
• Make sure regular firewall rules allow traffic between the VPN tunnel and the rest of the network.
Regular firewall rules check packets the ZyWALL sends before the ZyWALL encrypts them and
check packets the ZyWALL receives after the ZyWALL decrypts them. This depends on the zone
to which you assign the VPN tunnel and the zone from which and to which traffic may be routed.
• If you set up a VPN tunnel across the Internet, make sure your ISP supports AH or ESP
(whichever you are using).
• If you have the ZyWALL and remote IPSec router use certificates to authenticate each other, You
must set up the certificates for the ZyWALL and remote IPSec router first and make sure they
trust each other’s certificates. If the ZyWALL’s certificate is self-signed, import it into the remote
IPsec router. If it is signed by a CA, make sure the remote IPsec router trusts that CA. The
ZyWALL uses one of its Trusted Certificates to authenticate the remote IPSec router’s
certificate. The trusted certificate can be the remote IPSec router’s self-signed certificate or that
of a trusted CA that signed the remote IPSec router’s certificate.
• Multiple SAs connecting through a secure gateway must have the same negotiation mode.
The VPN connection is up but VPN traffic cannot be transmitted through the VPN tunnel.
If you have the Configuration > VPN > IPSec VPN > VPN Connection screen’s Use Policy
Route to control dynamic IPSec rules option enabled, check the routing policies to see if they
are sending traffic elsewhere instead of through the VPN tunnels.
I uploaded a logo to show in the SSL VPN user screens but it does not display properly.
The logo graphic must be GIF, JPG, or PNG format. The graphic should use a resolution of 103 x 29
pixels to avoid distortion when displayed. The ZyWALL automatically resizes a graphic of a different
resolution to 103 x 29 pixels. The file size must be 100 kilobytes or less. Transparent background is
recommended.
I logged into the SSL VPN but cannot see some of the resource links.
Available resource links vary depending on the SSL application object’s configuration.
I changed the LAN IP address and can no longer access the Internet.
The ZyWALL automatically updates address objects based on an interface’s IP address, subnet, or
gateway if the interface’s IP address settings change. However, you need to manually edit any
address objects for your LAN that are not based on the interface.
I cannot get the RADIUS server to authenticate the ZyWALL‘s default admin account.