ZyXEL Communications 4.04 User Manual

 Chapter 16 IPSec Commands
ZyWALL (ZyNOS) CLI Reference Guide
In this case, if you want to send packets from network A to an overlapped IP (for example, 
10.1.2.241) that is in the IP alias network M, you have to set the swSkipOverlapIp 
command to on.
16.3  Detect Zombie Tunnels in Tunnel or Gateway Mode
The initial contact feature detects zombie tunnels and re-establishes them right away. For 
example, in the figure below, the ZyWALL X will have a zombie tunnel if ZyWALL Y suddenly 
turns off. ZyWALL X still tries to send traffic through the VPN tunnel. When ZyWALL Y 
turns back on, it may have a new IP when it tries to establish the tunnel with ZyWALL X. 
Enabling the initial contact feature on ZyWALL X makes the ZyWALL X delete the zombie 
tunnel upon receiving the initial contact from ZyWALL Y and establish a new tunnel.
Figure 6   Initial Contact example 1 
In addition, assume there are three VPN tunnels using the two VPN gateways. See the figure below.
VPN tunnel 1: Local network: A, Remote network: B.
VPN tunnel 2: Local network: C, Remote network: D.
VPN tunnel 3: Local network: E, Remote network: F.
• When you use ipsec initContactMode gateway, the initial contact sent from 
network B makes the ZyWALL X remove all three tunnels and re-build new ones. 
• When you use ipsec initContactMode tunnel, the initial contact sent from 
network B makes the ZyWALL X remove and re-build only tunnel 1. 
Figure 7   Initial Contact Example 1
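
The difference between the two modes, as an added example (a toy model of the tunnel table on ZyWALL X, not ZyNOS code or output). The SA class, the function names and the 192.0.2.x addresses are constructed for illustration, and the model assumes a tunnel that is not rebuilt keeps the peer address it was negotiated with.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class SA:
    tunnel: str      # label from the manual's example
    gateway: str     # remote VPN gateway the tunnel runs to
    local_net: str
    remote_net: str
    peer_ip: str     # address the SA was negotiated with (constructed)

def initial_contact(table, gateway, remote_net, new_ip, mode):
    """Apply one initial contact from `gateway`, sent from `remote_net`.

    Returns (new_table, rebuilt_names). 'gateway' mode rebuilds every SA to
    that gateway; 'tunnel' mode rebuilds only the SA for `remote_net`.
    """
    if mode not in ("gateway", "tunnel"):
        raise ValueError(f"unknown initContactMode: {mode!r}")
    new_table, rebuilt = [], []
    for sa in table:
        hit = sa.gateway == gateway and (mode == "gateway" or sa.remote_net == remote_net)
        if hit:
            sa = replace(sa, peer_ip=new_ip)  # old SA deleted, new one negotiated
            rebuilt.append(sa.tunnel)
        new_table.append(sa)
    return new_table, rebuilt

def stale(table, gateway, current_ip):
    """Tunnels to `gateway` whose SA still points at an address it no longer uses."""
    return [sa.tunnel for sa in table if sa.gateway == gateway and sa.peer_ip != current_ip]

# Constructed sample data: ZyWALL Y comes back up with a new address.
OLD_IP, NEW_IP = "192.0.2.10", "192.0.2.77"
TABLE = [
    SA("tunnel 1", "ZyWALL Y", "A", "B", OLD_IP),
    SA("tunnel 2", "ZyWALL Y", "C", "D", OLD_IP),
    SA("tunnel 3", "ZyWALL Y", "E", "F", OLD_IP),
]

if __name__ == "__main__":
    for mode in ("gateway", "tunnel"):
        table, rebuilt = initial_contact(TABLE, "ZyWALL Y", "B", NEW_IP, mode)
        print(mode, "rebuilt:", rebuilt, "still stale:", stale(table, "ZyWALL Y", NEW_IP))
```

In this model, gateway mode clears every zombie tunnel on the first initial contact at the cost of tearing down all three tunnels, while tunnel mode leaves tunnels 2 and 3 untouched until networks D and F send their own initial contact.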