Chapter 43 Troubleshooting
ZyWALL ATP Series User’s Guide
808
I cannot create a second HTTP redirect rule for an incoming interface.
You can configure up to one HTTP redirect rule for each (incoming) interface.
I cannot get the application patrol to manage SIP traffic.
Make sure you have the SIP ALG enabled.
I cannot get the application patrol to manage H.323 traffic.
Make sure you have the H.323 ALG enabled.
I cannot get the application patrol to manage FTP traffic.
Make sure you have the FTP ALG enabled.
The Zyxel Device keeps resetting the connection.
If an alternate gateway on the LAN has an IP address in the same subnet as the Zyxel Device’s LAN IP
address, return traffic may not go through the Zyxel Device. This is called an asymmetrical or “triangle”
route. This causes the Zyxel Device to reset the connection, as the connection has not been
acknowledged.
You can set the Zyxel Device’s security policy to permit the use of asymmetrical route topology on the
network (so it does not reset the connection) although this is not recommended since allowing
asymmetrical routes may let traffic from the WAN go directly to the LAN without passing through the
Zyxel Device. A better solution is to use virtual interfaces to put the Zyxel Device and the backup
gateway on separate subnets. See
Asymmetrical Routes on page 476
and the chapter about interfaces
for more information.
I cannot set up an IPSec VPN tunnel to another device.
If the IPSec tunnel does not build properly, the problem is likely a configuration error at one of the IPSec
routers. Log into both Zyxel IPSec routers and check the settings in each field methodically and slowly.
Make sure both the Zyxel Device and remote IPSec router have the same security settings for the VPN
tunnel. It may help to display the settings for both routers side-by-side.