User manual

Chapter 56 Troubleshooting
ZyWALL USG 300 User’s Guide
903
I cannot get the application patrol to manage SIP traffic.
Make sure you have the SIP ALG enabled.
I cannot get the application patrol to manage H.323 traffic.
Make sure you have the H.323 ALG enabled.
I cannot get the application patrol to manage FTP traffic.
Make sure you have the FTP ALG enabled.
The ZyWALL keeps resetting the connection.
If an alternate gateway on the LAN has an IP address in the same subnet as the
ZyWALLs LAN IP address, return traffic may not go through the ZyWALL. This is
called an asymmetrical or “triangle” route. This causes the ZyWALL to reset the
connection, as the connection has not been acknowledged.
You can set the ZyWALL’s firewall to permit the use of asymmetrical route
topology on the network (so it does not reset the connection) although this is not
recommended since allowing asymmetrical routes may let traffic from the WAN go
directly to the LAN without passing through the ZyWALL. A better solution is to
use virtual interfaces to put the ZyWALL and the backup gateway on separate
subnets. See Asymmetrical Routes on page 457 and the chapter about interfaces
for more information.
I cannot set up an IPSec VPN tunnel to another device.
If the IPSec tunnel does not build properly, the problem is likely a configuration
error at one of the IPSec routers. Log into both ZyXEL IPSec routers and check the
settings in each field methodically and slowly. Make sure both the ZyWALL and
remote IPSec router have the same security settings for the VPN tunnel. It may
help to display the settings for both routers side-by-side.