ZyXEL Communications ZYWALL 35 - V4.03 Información técnica descargar pdf (Pagina 79)

(2)ipsec initContactMode tunnel

When the ZyWALL receives a IKE packets with IC, it deletes only

one existing tunnel, whose security gateway IP is not only the same as this

IKE's one and also its phase 2 ID(network policy) should match. It is suitable

when your tunnel is created from a VPN peer to ZyWALL and there are more than

two this kind of VPN peers build tunnels behind the same NAT router. Take

the picture 2 as example, PC 1, PC2 and PC3 has it's own VPN software to create

tunnels with ZW. Suppose that the PC1, PC2 and PC3 separately create different

tunnels with ZW for the traffic to PC4, PC5 and PC6, once the PC1 reboots

for some reasons, and after rebooting, the PC1 sends a IKE with IC to the

ZWB, then the ZWB will only delete the tunnel which is used by PC1 and PC4

and build a new VPN tunnel for it. So other tunnels will not be disconnected.

Appendix 14 The topologies ZyWALL doesn’t surpportted:

Previously, the ZyWALL supports most of SIP topologies except:

(1) SIP server on the ZyWALL’s LAN/DMZ/WLAN.

(2) Two SIP clients behind the ZyWALL and talk to each other.

Now we have solved these two problems, all directions of SIP calls can work. You can

refer to the Figure 1, all of the SIP clients in the picture can register to the SIP server

behind the ZyWALL and any two SIP clients can talk to each other.

1 2 ... 74 75 76 77 78 79 80 81 82 83 84

Sin comentarios

ZyXEL Communications ZYWALL 35 - V4.03 Información técnica Pagina 79