99/782
If you see that Phase 1 IKE SA process done but still get below [info] log
message, please check ZyWALL/USG Phase 2 Settings. Both ZyWALL/USG at the
HQ and Branch sites must use the same Protocol, Encapsulation, Encryption,
Authentication method and PFS to establish the IKE SA.
MONITOR > Log
Make sure the both ZyWALL/USG at the HQ and Branch sites security policies
allow IPSec VPN traffic. IKE uses UDP port 500, AH uses IP protocol 51, and ESP
uses IP protocol 50.
Default NAT traversal is enable on ZyWALL/USG, please make sure the remote
IPSec device must also have NAT traversal enabled.
How to Configure Hub-and-Spoke IPSec VPN
This is an example of a hub-and-spoke VPN with the HQ ZyWALL/USG as the hub
and spoke VPNs to Branches A and B. When the VPN tunnel is configured, traffic
passes between branches via the hub (HQ). Traffic can also pass between
spoke-and-spoke through the hub. Here are two methods to set up hub-and-
spoke VPN connections: 1. With VPN Concentrator 2. Without VPN Concentrator.
To Next Page
Loading...
