ZyXEL UAG715 User Guide - Page 516
Trusted Certificates, Configuration > VPN > IPSec VPN > VPN Connection, Use Policy, Route
View all ZyXEL UAG715 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 516 highlights
Chapter 46 Troubleshooting • If you set up a VPN tunnel across the Internet, make sure your ISP supports AH or ESP (whichever you are using). • If you have the UAG and remote IPSec router use certificates to authenticate each other, You must set up the certificates for the UAG and remote IPSec router first and make sure they trust each other's certificates. If the UAG's certificate is self-signed, import it into the remote IPsec router. If it is signed by a CA, make sure the remote IPsec router trusts that CA. The UAG uses one of its Trusted Certificates to authenticate the remote IPSec router's certificate. The trusted certificate can be the remote IPSec router's self-signed certificate or that of a trusted CA that signed the remote IPSec router's certificate. • Multiple SAs connecting through a secure gateway must have the same negotiation mode. The VPN connection is up but VPN traffic cannot be transmitted through the VPN tunnel. If you have the Configuration > VPN > IPSec VPN > VPN Connection screen's Use Policy Route to control dynamic IPSec rules option enabled, check the routing policies to see if they are sending traffic elsewhere instead of through the VPN tunnels. I uploaded a logo to show in the SSL VPN user screens but it does not display properly. The logo graphic must be GIF, JPG, or PNG format. The graphic should use a resolution of 103 x 29 pixels to avoid distortion when displayed. The UAG automatically resizes a graphic of a different resolution to 103 x 29 pixels. The file size must be 100 kilobytes or less. Transparent background is recommended. I logged into the SSL VPN but cannot see some of the resource links. Available resource links vary depending on the SSL application object's configuration. I changed the LAN IP address and can no longer access the Internet. The UAG automatically updates address objects based on an interface's IP address, subnet, or gateway if the interface's IP address settings change. However, you need to manually edit any address objects for your LAN that are not based on the interface. I cannot get the RADIUS server to authenticate the UAG's default admin account. The default admin account is always authenticated locally, regardless of the authentication method setting. (See Chapter 33 on page 382 for more information about authentication methods.) 516 UAG715 User's Guide