ZyXEL Communications 100 Series Network Router User Manual


  Open as PDF
of 902
 
Chapter 49 Troubleshooting
ZyWALL USG 100/200 Series User’s Guide
746
If you have the ZyWALL and remote IPSec router use certificates to authenticate each
other, make sure they trust each other’s certificates. If the ZyWALL’s certificate is self-
signed, import it into the remote IPsec router. If it is signed by a CA, make sure the remote
IPsec router trusts that CA. The ZyWALL uses one of its Trusted Certificates to
authenticate the remote IPSec router’s certificate. The trusted certificate can be the remote
IPSec router’s self-signed certificate or that of a trusted CA that signed the remote IPSec
router’s certificate.
V I cannot set up an L2TP VPN tunnel.
1 Make sure you have configured L2TP correctly on the remote user computers. See
Section 26.6 on page 419 for examples.
2 Make sure you configured an appropriate policy route on the ZyWALL.
3 Make sure there is not a firewall or NAT router between the ZyWALL and the remote
users.
4 Make sure the remote users are using public IP addresses.
V The VPN connection is up but VPN traffic cannot be transmitted through the
VPN tunnel.
Routing policies define how the ZyWALL forwards packets to their destinations. You must
create a policy route for the ZyWALL to route VPN traffic through a VPN tunnel to the
remote network.
The VPN wizard automatically creates a corresponding policy route. If you use the VPN >
IPSec VPN or VPN > L2TP VPN screens to set up a VPN tunnel, you need to manually
configure a policy route for the VPN tunnel.
V I cannot download the ZyWALL’s firmware package.
The ZyWALL’s firmware package cannot go through the ZyWALL when you enable the anti-
virus Destroy compressed files that could not be decompressed option. The ZyWALL
classifies the firmware package as not being able to be decompressed and deletes it.
You can upload the firmware package to the ZyWALL with the option enabled, so you only
need to clear the Destroy compressed files that could not be decompressed option while
you download the firmware package. See Section 28.2.1 on page 473 for more on the anti-
virus Destroy compressed files that could not be decompressed option.
 previous next