www.zyxel.com 

ZyWALL (ZLD) VPN Troubleshooting 

L2TP VPN will not connect
No traffic flow through L2TP VPN tunnel
Client-to-Site (RoadWarrior) VPN will not connect
No traffic flow through client-to-site IPSec VPN tunnel (RoadWarrior)
Site-to-Site VPN will not establish
No traffic flow through site-to-site IPSec VPN tunnel
SSL VPN connection will not establish
Connection issues with SSL VPN

L2TP VPN will not connect 

Please verify your VPN rule setup against the example provided in the
“ZyWALL_L2TP_VPN_Setup.pdf” walkthrough. If your setup is similar to
the example provided, please check the following:

Is the ZyWALL behind a NAT (another router)? The L2TP function
will not work if the ZyWALL is behind another router. This is a
limitation of the device's L2TP capability; the ZyWALL needs direct
communication with the public network (internet).

If the L2TP client is behind a router, please make sure that VPN
pass-through is enabled, or create port forwarding rules, so that the
router does not block the L2TP communication to the ZyWALL.
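
The addressing checks in this guide (whether the ZyWALL sits behind a NAT, and whether the LAN, the L2TP IP pool and the client's own network conflict) can be run as a script before changing any VPN settings. The Python code below is an added example, not Zyxel code; the function names and sample addresses are assumptions, and it treats a WAN address in RFC 1918 or RFC 6598 space as evidence of an upstream router.

```python
import ipaddress

# Address ranges that are not routable on the internet: a WAN address in one
# of these means another router is translating for the ZyWALL.
NAT_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "100.64.0.0/10",                                   # RFC 6598 carrier-grade NAT
)]


def behind_nat(wan_ip):
    """Return the matching non-public range if wan_ip is NATed, else None."""
    addr = ipaddress.ip_address(wan_ip)
    return next((net for net in NAT_RANGES if addr in net), None)


def l2tp_preflight(wan_ip, lan_subnet, l2tp_pool, client_lan=None):
    """Return a list of findings; an empty list means no addressing problem."""
    findings = []
    nat = behind_nat(wan_ip)
    if nat is not None:
        findings.append(f"WAN {wan_ip} is in {nat}: ZyWALL is behind another router")
    lan = ipaddress.ip_network(lan_subnet, strict=False)
    pool = ipaddress.ip_network(l2tp_pool, strict=False)
    if lan.overlaps(pool):
        findings.append(f"L2TP pool {pool} overlaps LAN {lan}")
    if client_lan is not None:
        # The client's local network must not collide with either side.
        remote = ipaddress.ip_network(client_lan, strict=False)
        for name, net in (("LAN", lan), ("L2TP pool", pool)):
            if remote.overlaps(net):
                findings.append(f"client network {remote} overlaps {name} {net}")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    for line in l2tp_preflight("192.168.0.2", "192.168.1.1/24",
                               "192.168.1.128/25", client_lan="192.168.1.0/24"):
        print(line)
```
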

Summary of Contents for ZLD

Page 1: ...not connect. Please verify your VPN rule setup with the example provided on the “ZyWALL_L2TP_VPN_Setup.pdf” walkthrough. If your setup is similar to the example provided please check the following: Is the ZyWALL behind a NAT (another router)? The L2TP function will not work if the ZyWALL is behind another router. This is a limitation on the device's L2TP capability; the ZyWALL needs direct communication with...

Page 2: ...uter and running (such as Cisco IPSec client, TheGreenBow, ShrewSoft, etc.) you will need to close the application completely and restart the IKE/IPSec services so that the L2TP client can use them. Windows: To restart the services on your computer, open a RUN dialog box. You can access this by pressing the Windows + R keys on the keyboard. Type services.msc and click OK or hit the Enter/Return key. ...

Page 3: ...ces. Please check your L2TP client's settings against our setup example(s) (link to Windows, macOS, iOS, etc. setup guides). Disable your computer's firewall to make sure it is not blocking the VPN connection attempt. Windows: To disable the Windows firewall, open a RUN dialog box. You can access this by pressing the Windows + R keys on the keyboard. ...

Page 4: ...e “Turn off Windows Firewall” and click the OK button to save the settings. Note: If you're using a third-party software firewall (Trend Micro, Norton, McAfee, etc.), please open the software's control panel and disable the firewall feature. macOS: To disable the firewall on macOS, open System Preferences > Security & Privacy, click the Firewall tab and press the “Turn Off Firewall” button to disable ...

Page 5: ...heck the ZyWALL's IKE logs to make sure it is receiving a request to establish the VPN. By default the ZyWALL is programmed to allow VPN traffic; if the IKE logs on the ZyWALL do not show any IKE connection attempts, try disabling the ZyWALL's Firewall/Policy Control. If still no luck, check with your ISP to make sure they are not blocking ports on the service end. To disable the ZyWALL's firewall/policy control go to...

Page 6: ...Verify the firmware is up to date and contact tech support for further assistance. To check the current version of firmware on the ZyWALL, go to Maintenance > File Manager > Firmware Package. ...

Page 7: ...lly create routes on your device's operating system to route traffic through the tunnel accordingly. Make sure there are no IP conflicts. The ZyWALL's internal LAN IP scheme and the L2TP IP pool should be on different subnets; using the same IP scheme can cause routing issues. Create a policy route on the ZyWALL to specify that any traffic destined for the L2TP IP Pool needs to take a hop (Next-Hop) at t...

Page 8: ...the service order to give the VPN connection a higher priority than the Ethernet or Wi-Fi connections. Windows: All routes for the L2TP interface should have a higher metric than the standard routes. Open command prompt or PowerShell and type route print to view the routing table. macOS: Open System Preferences > Network, click the configuration icon at the bottom of the network interface list and Set Ser...

Page 9: ...efault gateway. If the device is pointing to a different default gateway the traffic will not get sent back through the L2TP VPN tunnel. Verify the firmware is up to date and contact tech support for further assistance. To check the current version of firmware on the ZyWALL, go to Maintenance > File Manager > Firmware Package. ...

Page 10: ...4500. Make sure your network router is allowing the IPSec ports through (UDP 500 and UDP 4500), or be sure to enable VPN pass-through if the router supports this option. Bypass the router if possible to make sure it is not causing the problem. Make sure your ISP is not blocking VPN ports; some providers will block the VPN ports on their end. Verify that your computer's firewall is allowing communications f...

Page 11: ... not show any IKE connection attempts, try disabling the ZyWALL's Firewall/Policy Control. If still no luck, check with your ISP to make sure they are not blocking ports on the service end. To disable the ZyWALL's firewall/policy control go to Configuration > Firewall OR Configuration > Security Policy > Policy Control. Verify the firmware is up to date and contact tech support for further assistance. To chec...

Page 12: ...ble the “Use Policy Route to control dynamic IPSec rules” in the VPN menu (Configuration > VPN > IPSec VPN > VPN Connection). Disable the ZyWALL router's Firewall (Configuration > Firewall OR Configuration > Security Policy > Policy Control). Disable the firewall on the remote host computer/device to make sure it is not blocking the request. Windows: To disable the Windows firewall, open a RUN dialog box. You can access t...

Page 13: ...e “Turn off Windows Firewall” and click the OK button to save the settings. Note: If you're using a third-party software firewall (Trend Micro, Norton, McAfee, etc.), please open the software's control panel and disable the firewall feature. macOS: To disable the firewall on macOS, open System Preferences > Security & Privacy, click the Firewall tab and press the “Turn Off Firewall” button to disable ...

Page 14: ...ntee that using hostnames instead of IPs will work. A workaround for this limitation of the IPSec standard would be to use a WINS server. Make sure there are no IP conflicts; if the ZyWALL network is configured to use the 192.168.1.0/24 network and the remote user is also using the same IP scheme, traffic will not route through the VPN tunnel properly. Make sure your network router is allowing the IP...

Page 15: ...lt gateway. If the device is pointing to a different default gateway the traffic will not get sent back through the VPN tunnel. Verify the firmware is up to date and contact tech support for further assistance. To check the current version of firmware on the ZyWALL, go to Maintenance > File Manager > Firmware Package. ...

Page 16: ...PN rules on both ends to make sure all settings are matching. If using DDNS hostname or domain name to dial the connection instead of the public IP address, please make sure there are DNS servers programmed on the ZyWALL and that they can resolve the DDNS hostname/domain name. To check if the ZyWALL can resolve the name, you will need to open a terminal session using SSH/Telnet/Console and run a ping ...

Page 17: ... for the WAN ports DHCP client capability only, click the Add button to manually enter your ISP-provided or public (OpenDNS, Google DNS, etc.) DNS servers. Verify the firmware is up to date and contact tech support for further assistance. To check the current version of firmware on the ZyWALL, go to Maintenance > File Manager > Firmware Package. ...

Page 18: ... host you are attempting to reach is pointing to the ZyWALL for the default gateway. Check for conflicting policy/static routes. A misconfigured or out-of-order route can cause problems. To verify the policy/static route rules go to Configuration > Network > Routing. Verify that the host you are attempting to reach is listening for the traffic you are sending to it. Example: If you're sending a ping request...

Page 19: ... terminal and type sudo lsof -i -n -P for a printout of the listening ports. Manually create a route (Configuration > Routing) to stipulate that traffic destined for the remote network should take its Next-Hop on the appropriate VPN tunnel. ...

Page 20: ...Verify the firmware is up to date and contact tech support for further assistance. To check the current version of firmware on the ZyWALL, go to Maintenance > File Manager > Firmware Package. ...

Page 21: ...lly get redirected to the configuration GUI. To verify the user account type, log in to the ZyWALL's WebGUI and go to Configuration > Object > User/Group. Make sure the network connection is not “Disabled” on Windows. To check this, click the Windows Logo key on your keyboard + the R key. This will open the RUN dialog box. Type ncpa.cpl and click OK or hit the Enter/Return key. On the Network Connections screen lo...

Page 22: ...Verify the firmware is up to date and contact tech support for further assistance. To check the current version of firmware on the ZyWALL, go to Maintenance > File Manager > Firmware Package. ...

Page 23: ...for a 192.168.1.0/24 address will flow through the VPN tunnel. This is because the route the computer operating system created to send traffic through the VPN tunnel has a higher priority (metric) than the regular route. Disable the ZyWALL's firewall if you are having problems getting traffic through the tunnel. To disable the ZyWALL's firewall/policy control go to Configuration > Firewall OR Configurati...

Page 24: ...e “Turn off Windows Firewall” and click the OK button to save the settings. Note: If you're using a third-party software firewall (Trend Micro, Norton, McAfee, etc.), please open the software's control panel and disable the firewall feature. macOS: To disable the firewall on macOS, open System Preferences > Security & Privacy, click the Firewall tab and press the “Turn Off Firewall” button to disable ...

Page 25: ...ation is listening to the traffic you are using to access it remotely. Windows: Open command prompt or PowerShell and type netstat -an for a list of listening ports. macOS: Open terminal and type sudo lsof -i -n -P for a printout of the listening ports. ...

Page 26: ...Verify the firmware is up to date and contact tech support for further assistance. To check the current version of firmware on the ZyWALL, go to Maintenance > File Manager > Firmware Package. ...
