ZyWALL (ZLD) VPN Troubleshooting


Contents

- L2TP VPN will not connect
- No traffic flow through L2TP VPN tunnel
- Client-to-Site (RoadWarrior) VPN will not connect
- No traffic flow through client-to-site IPSec VPN tunnel (RoadWarrior)
- Site-to-Site VPN will not establish
- No traffic flow through site-to-site IPSec VPN tunnel
- SSL VPN connection will not establish
- Connection issues with SSL VPN

L2TP VPN will not connect

Please verify your VPN rule setup against the example provided in the ZyWALL_L2TP_VPN_Setup.pdf walkthrough. If your setup is similar to the example provided, please check the following:

- Is the ZyWALL behind a NAT (another router)? The L2TP function will not work if the ZyWALL is behind another router. This is a limitation of the device's L2TP capability: the ZyWALL needs direct communication with the public network (internet).
- If the L2TP client is behind a router, please make sure that VPN pass-through is enabled or create port forwarding rules so the router does not block the L2TP communication to the ZyWALL.
- Does the client have any other VPN clients installed? Only one application can use the IKE/IPSec services at a time. If another VPN client (such as the Cisco IPSec client, TheGreenBow, ShrewSoft, etc.) is installed on the computer and running, you will need to close that application completely and restart the IKE/IPSec services so that the L2TP client can use them. [Windows]

  To restart the services on your computer, open a RUN dialog box (press the Windows + R keys on the keyboard), type services.msc and click OK or hit the Enter/Return key. Scroll down the list to find IKE and AuthIP IPsec Keying Modules and IPsec Policy Agent and restart these services.
- Please check your L2TP client's settings against our setup example(s) [link to Windows, Mac OS X, iOS, etc., setup guides].
- Disable your computer's firewall to make sure it is not blocking the VPN connection attempt.
  Windows: To disable the Windows firewall, open a RUN dialog box (press the Windows + R keys on the keyboard).

  Type firewall.cpl and click OK or hit the Enter/Return key. Select the option Turn Windows Firewall on or off on the left. Disable the firewall by selecting Turn off Windows Firewall and click the OK button to save the settings. Note: If you're using a third-party software firewall (Trend Micro, Norton, McAfee, etc.), please open the software's control panel and disable the firewall feature.
  Mac OS X: To disable the firewall on Mac OS X, open System Preferences > Security & Privacy, click the Firewall tab and press the Turn Off Firewall button.

- Update your computer's NIC drivers. Note: For updates to your computer's NIC cards, please visit the computer manufacturer or the NIC card's chipset manufacturer.
- Bypass your router (if possible) to make sure it is not blocking the attempt to connect/establish the L2TP VPN.
- Check the ZyWALL's IKE logs to make sure it is receiving a request to establish the VPN. By default the ZyWALL is programmed to allow VPN traffic; if the IKE logs on the ZyWALL do not show any IKE connection attempts, try disabling the ZyWALL's Firewall/Policy Control. If still no luck, check with your ISP to make sure they are not blocking ports on the service end. To disable the ZyWALL's firewall/policy control, go to Configuration > Firewall OR Configuration > Security Policy > Policy Control.
- Verify the firmware is up to date and contact tech support for further assistance. To check the current version of firmware on the ZyWALL, go to Maintenance > File Manager > Firmware Package.

No traffic flow through L2TP VPN tunnel

Please follow the instructions below if you have successfully established an L2TP VPN connection but cannot pass traffic through the tunnel. By default L2TP clients are programmed to send all traffic through the L2TP connection once established. If you have disabled this option, you will need to manually create routes in your device's operating system to route traffic through the tunnel accordingly.

- Make sure there are no IP conflicts. The ZyWALL's internal (LAN) IP scheme and the L2TP IP pool should be on different subnets; using the same IP scheme can cause routing issues.
- Create a policy route on the ZyWALL to specify that any traffic destined for the L2TP IP Pool needs to take a hop (Next-Hop) at the L2TP VPN tunnel: Configuration > Network > Routing > Policy Route.
- Disable the ZyWALL's Firewall/Policy Control. To disable the ZyWALL's firewall/policy control, go to Configuration > Firewall OR Configuration > Security Policy > Policy Control.

- Make sure the L2TP connection has a higher priority than any other route on your computer. On Mac OS X you need to change the service order to give the VPN connection a higher priority than the Ethernet or Wi-Fi connections.
  Windows: All routes for the L2TP interface should have a higher metric than the standard routes. Open Command Prompt or PowerShell and type route print to view the routing table.
  Mac OS X: Open System Preferences > Network, click the configuration icon at the bottom of the network interface list and choose Set Service Order.

- Verify that the device you are trying to contact across the VPN is pointing to the ZyWALL as its default gateway. If the device is pointing to a different default gateway, the traffic will not get sent back through the L2TP VPN tunnel.
- Verify the firmware is up to date and contact tech support for further assistance. To check the current version of firmware on the ZyWALL, go to Maintenance > File Manager > Firmware Package.

Client-to-Site (RoadWarrior) VPN will not connect

Please use the walkthrough Dynamic_VPN_Setup_CR.pdf as an example to verify the setup on your ZyWALL and make sure all necessary settings and rules have been created on the router.

- If the ZyWALL is behind a NAT (another router), make sure the first NAT is forwarding the VPN ports to the ZyWALL: IKE UDP:500 and NAT-T UDP:4500.
- Make sure your network router is allowing the IPSec ports through (UDP:500 and UDP:4500), or be sure to enable VPN pass-through if the router supports this option. Bypass the router if possible to make sure it is not causing the problem.
- Make sure your ISP is not blocking VPN ports; some providers will block the VPN ports on their end.
- Verify that your computer's firewall is allowing communications from the VPN client.
- Update your NIC drivers (Ethernet and/or Wi-Fi). Note: For updates to your computer's NIC cards, please visit the computer manufacturer or the NIC card's chipset manufacturer.

- Check the VPN settings on the ZyWALL and make sure they match the software client configuration.
- Check the ZyWALL's IKE logs to make sure it is receiving a request to establish the VPN. By default the ZyWALL is programmed to allow VPN traffic; if the IKE logs on the ZyWALL do not show any IKE connection attempts, try disabling the ZyWALL's Firewall/Policy Control. If still no luck, check with your ISP to make sure they are not blocking ports on the service end. To disable the ZyWALL's firewall/policy control, go to Configuration > Firewall OR Configuration > Security Policy > Policy Control.
- Verify the firmware is up to date and contact tech support for further assistance. To check the current version of firmware on the ZyWALL, go to Maintenance > File Manager > Firmware Package.

No traffic flow through client-to-site IPSec VPN tunnel (RoadWarrior)

If you have successfully established a VPN connection to the ZyWALL but cannot get traffic across, please try the following:

- Log in to the ZyWALL's WebGUI and disable Use Policy Route to control dynamic IPSec rules in the VPN menu: Configuration > VPN > IPSec VPN > VPN Connection.
- Disable the ZyWALL router's Firewall: Configuration > Firewall OR Configuration > Security Policy > Policy Control.
- Disable the firewall on the remote host (computer/device) to make sure it is not blocking the request.

  Windows: To disable the Windows firewall, open a RUN dialog box (press the Windows + R keys on the keyboard). Type firewall.cpl and click OK or hit the Enter/Return key. Select the option Turn Windows Firewall on or off on the left. Disable the firewall by selecting Turn off Windows Firewall and click the OK button to save the settings. Note: If you're using a third-party software firewall (Trend Micro, Norton, McAfee, etc.), please open the software's control panel and disable the firewall feature.
  Mac OS X: To disable the firewall on Mac OS X, open System Preferences > Security & Privacy, click the Firewall tab and press the Turn Off Firewall button.

- If you are attempting to access resources using a computer hostname, try using the IP address assigned to the computer/device instead. Using a computer hostname requires the NetBIOS broadcast protocol to resolve the computer's IP address, and broadcasts are not supported by the IPSec standard. Because of this we cannot guarantee that using hostnames instead of IPs will work. A workaround for this limitation of the IPSec standard would be to use a WINS server.
- Make sure there are no IP conflicts. If the ZyWALL network is configured to use the 192.168.1.0/24 network and the remote user is also using the same IP scheme, traffic will not route through the VPN tunnel properly.
- Make sure your network router is allowing the IPSec ports through (UDP:500 and UDP:4500), or be sure to enable VPN pass-through if the router supports this option. Bypass the router if possible to make sure it is not causing the problem.
- Verify that the device you are trying to contact is pointing to the ZyWALL as its default gateway. If the device is pointing to a different default gateway, the traffic will not get sent back through the VPN tunnel.
- Verify the firmware is up to date and contact tech support for further assistance. To check the current version of firmware on the ZyWALL, go to Maintenance > File Manager > Firmware Package.

Site-to-Site VPN will not establish

If you have configured an IPSec VPN rule for a site-to-site (router-to-router) connection and the tunnel is not being established, please try the following:

- Reboot/restart the ZyWALL appliance to reload the VPN daemon.
- Check the ZyWALL logs to verify that IKE connection attempts are being sent and received. If the logs show one-way IKE traffic (send only, for example), check the internet connection to make sure traffic is not being blocked/stopped on the service end.
- Double-check the VPN rules on both ends to make sure all settings match.
- If using a DDNS hostname or domain name to dial the connection instead of the public IP address, please make sure there are DNS servers programmed on the ZyWALL and that they can resolve the DDNS hostname/domain name. To check if the ZyWALL can resolve the name, open a terminal session using SSH/Telnet/Console and run a ping command to the DDNS hostname/domain name:
  Router> ping hostname/domain (ex: Router> ping www.google.com)
  If the ping test fails, double-check the ZyWALL's DNS settings and try again. If your internet service is DHCP, the ZyWALL will have automatically obtained the DNS server settings from your ISP; to check this, go to Configuration > System > DNS. If your WAN IP was statically assigned, the DNS settings will show N/A for the Default entry (the Default entry is for the WAN port's DHCP client capability only); click the Add button to manually enter your ISP-provided or public (OpenDNS, Google DNS, etc.) DNS servers.

- Verify the firmware is up to date and contact tech support for further assistance. To check the current version of firmware on the ZyWALL, go to Maintenance > File Manager > Firmware Package.

No traffic flow through site-to-site IPSec VPN tunnel

Tunnel established but can't get traffic across:

- Make sure there are no IP conflicts between the two sites.
- Disable the ZyWALL router's firewall. To disable the ZyWALL's firewall/policy control, go to Configuration > Firewall OR Configuration > Security Policy > Policy Control.
- Verify that the host you are attempting to reach is pointing to the ZyWALL as the default gateway.
- Verify that the host you are attempting to reach is listening for the traffic you are sending to it. Example: If you're sending a ping request to a device, make sure it is set to respond to ping/ICMP requests.
  Windows: Open Command Prompt or PowerShell and type netstat -an for a list of listening ports.

  Linux/Mac OS X: Open a terminal and type sudo lsof -i -n -P for a printout of the listening ports.
- Manually create a route (Configuration > Routing) to stipulate that traffic destined for the remote network should take its Next-Hop on the appropriate VPN tunnel.

- Verify the firmware is up to date and contact tech support for further assistance. To check the current version of firmware on the ZyWALL, go to Maintenance > File Manager > Firmware Package.

SSL VPN connection will not establish

If the SSL VPN connection will not connect, or you are being redirected to a different screen, try the following steps to troubleshoot the issue.

- Make sure you are using a USER account to establish the SSL VPN connection. Users with ADMIN privileges cannot be part of the SSL VPN rule/policy; administrative users will automatically get redirected to the configuration GUI. To verify the user account type, log in to the ZyWALL's WebGUI and go to Configuration > Object > User/Group.
- Click the SSL VPN button; do not hit the Enter/Return key. Hitting Enter/Return will log you into the ZyWALL as a user. To get SSL VPN access you must click the SSL VPN button.
- Make sure Java is installed on the computer; the SSL VPN client (SecuExtender) is based on Java. [Windows] If you are using Java 8 or higher, please create an exception for the ZyWALL connection on the Java Control Panel Security tab. On your computer go to Control Panel > Java; on the Java panel click the Security tab and press the Edit Site List button under Exception Site List.

- Verify the firmware is up to date and contact tech support for further assistance. To check the current version of firmware on the ZyWALL, go to Maintenance > File Manager > Firmware Package.

Connection issues with SSL VPN

If you have successfully established an SSL VPN connection to the ZyWALL and are experiencing issues, please try the following.

- Can't access local network resources when the VPN connection is established? Please make sure there are no IP conflicts between the remote and local network. If both sites are using the same IP scheme, 192.168.1.0/24 for example, routing will not work properly. Once the VPN tunnel is established, all traffic destined for a 192.168.1.0/24 address will flow through the VPN tunnel, because the route the computer's operating system created to send traffic through the VPN tunnel has a higher priority/metric than the regular route.
- Disable the ZyWALL's firewall if you are having problems getting traffic through the tunnel. To disable the ZyWALL's firewall/policy control, go to Configuration > Firewall OR Configuration > Security Policy > Policy Control.
- Disable the computer's firewall if you are having problems getting traffic through the tunnel, to make sure it is not blocking.
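The IP conflict check appears in several sections above (LAN versus L2TP pool, ZyWALL LAN versus a remote user's subnet, and local versus remote network for SSL VPN). The following added example, which is not part of the original document or of any Zyxel software, tests all three rules at once over constructed sample addressing; the network names and CIDRs are assumptions chosen to show the 192.168.1.0/24 conflict the text describes.

```python
import ipaddress
from itertools import combinations

# Constructed sample addressing for a ZyWALL deployment (not from the document):
# the ZyWALL LAN, the VPN IP pool handed to clients, and the subnets two remote
# workers use at home. 192.168.1.0/24 is the default on many home routers, which
# is exactly the conflict the troubleshooting steps warn about.
SAMPLE_NETWORKS = {
    "zywall_lan": "192.168.1.0/24",
    "vpn_pool": "192.168.50.0/24",
    "remote_home_office_a": "192.168.1.0/24",
    "remote_home_office_b": "10.10.0.0/16",
}


def find_overlaps(networks):
    """Return a sorted list of (name_a, name_b) pairs whose prefixes overlap.

    Any overlap means a host has two candidate routes for the same destination,
    so packets for the far end may never enter the tunnel (or may be answered
    by the local LAN instead of the remote site).
    """
    parsed = {name: ipaddress.ip_network(cidr, strict=False)
              for name, cidr in networks.items()}
    overlaps = []
    for (name_a, net_a), (name_b, net_b) in combinations(sorted(parsed.items()), 2):
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            overlaps.append((name_a, name_b))
    return overlaps


def check_vpn_addressing(lan, vpn_pool, remote_networks):
    """Apply the document's addressing rules and return the violations found.

    - the VPN IP pool must not overlap the ZyWALL LAN
    - no remote client network may overlap the ZyWALL LAN
    - no remote client network may overlap the VPN IP pool
    Returns a list of human-readable problem strings; empty means clean.
    """
    lan_net = ipaddress.ip_network(lan, strict=False)
    pool_net = ipaddress.ip_network(vpn_pool, strict=False)
    problems = []
    if lan_net.overlaps(pool_net):
        problems.append(f"VPN pool {pool_net} overlaps ZyWALL LAN {lan_net}")
    for name, cidr in remote_networks.items():
        remote = ipaddress.ip_network(cidr, strict=False)
        if remote.overlaps(lan_net):
            problems.append(f"remote network {name} ({remote}) overlaps ZyWALL LAN {lan_net}")
        if remote.overlaps(pool_net):
            problems.append(f"remote network {name} ({remote}) overlaps VPN pool {pool_net}")
    return problems


if __name__ == "__main__":
    for pair in find_overlaps(SAMPLE_NETWORKS):
        print("overlap:", *pair)
    remotes = {k: v for k, v in SAMPLE_NETWORKS.items() if k.startswith("remote_")}
    for problem in check_vpn_addressing(SAMPLE_NETWORKS["zywall_lan"],
                                        SAMPLE_NETWORKS["vpn_pool"], remotes):
        print("problem:", problem)
```

Renumbering either the ZyWALL LAN or the remote worker's home subnet so that no pair overlaps is the fix the document prescribes; the checker returns an empty list once that is done.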

  Windows: To disable the Windows firewall, open a RUN dialog box (press the Windows + R keys on the keyboard). Type firewall.cpl and click OK or hit the Enter/Return key. Select the option Turn Windows Firewall on or off on the left. Disable the firewall by selecting Turn off Windows Firewall and click the OK button to save the settings. Note: If you're using a third-party software firewall (Trend Micro, Norton, McAfee, etc.), please open the software's control panel and disable the firewall feature.
  Mac OS X: To disable the firewall on Mac OS X, open System Preferences > Security & Privacy, click the Firewall tab and press the Turn Off Firewall button.

- Verify that the workstation is listening for the traffic you are using to access it remotely.
  Windows: Open Command Prompt or PowerShell and type netstat -an for a list of listening ports.
  Linux/Mac OS X: Open a terminal and type sudo lsof -i -n -P for a printout of the listening ports.
- Verify the firmware is up to date and contact tech support for further assistance. To check the current version of firmware on the ZyWALL, go to Maintenance > File Manager > Firmware Package.
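The netstat -an check above only answers half the question: a service can show LISTENING yet still refuse a VPN client if it is bound to 127.0.0.1 alone. This added example (not part of the original document) parses constructed sample netstat output in the Windows layout and classifies a given port as not listening, loopback only, or reachable; the sample lines and the host address are assumptions.

```python
import re

# Constructed sample in the layout of Windows "netstat -an" (not a real capture).
# Port 3389 is bound to 127.0.0.1 only: netstat shows LISTENING, but a client
# arriving through the VPN tunnel gets a connection refused.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3389         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     52.96.0.1:443          ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# proto, local address, local port, foreign address, optional state
_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S+)?\s*$")


def parse_listeners(netstat_output):
    """Return {(proto, port): local_address} for every socket that accepts traffic.

    TCP sockets count only in LISTENING state; netstat prints no state for UDP,
    so every UDP line is treated as a listener.
    """
    listeners = {}
    for line in netstat_output.splitlines():
        match = _LINE.match(line)
        if not match:
            continue
        proto, addr, port, _foreign, state = match.groups()
        if proto == "TCP" and state != "LISTENING":
            continue
        listeners[(proto, int(port))] = addr
    return listeners


def reachable_over_vpn(netstat_output, proto, port, host_ip):
    """Classify whether a service can answer a client coming in through the tunnel.

    Returns "not listening", "loopback only", "listening" or "bound elsewhere".
    Binding to all interfaces (0.0.0.0 / [::]) or to the host's own LAN address
    is fine; 127.0.0.1 accepts local connections only, so the tunnel can be
    healthy and the service still unreachable.
    """
    addr = parse_listeners(netstat_output).get((proto.upper(), port))
    if addr is None:
        return "not listening"
    if addr.startswith("127.") or addr == "[::1]":
        return "loopback only"
    if addr in ("0.0.0.0", "[::]", host_ip):
        return "listening"
    return "bound elsewhere"


if __name__ == "__main__":
    for proto, port in (("tcp", 445), ("tcp", 3389), ("tcp", 8080), ("udp", 137)):
        print(proto, port, reachable_over_vpn(SAMPLE_NETSTAT, proto, port, "192.168.1.20"))
```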
