
ZyXEL Confidential
404XD3C0.docx
(2) ipsec initContactMode tunnel
When the ZyWALL receives an IKE packet with IC, it deletes only one existing tunnel: the
one whose security gateway IP is the same as this IKE packet's and whose phase 2 ID
(network policy) also matches. This mode is suitable when tunnels are created from VPN
peers to the ZyWALL and more than two such VPN peers build tunnels from behind the same
NAT router. Take picture 2 as an example: PC1, PC2 and PC3 each have their own VPN
software to create tunnels with ZW. Suppose that PC1, PC2 and PC3 separately create
different tunnels with ZW for the traffic to PC4, PC5 and PC6. If PC1 reboots for some
reason and, after rebooting, sends an IKE packet with IC to the ZWB, then the ZWB deletes
only the tunnel used by PC1 and PC4 and builds a new VPN tunnel for it, so the other
tunnels are not disconnected.
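The matching rule described above, modelled in Python as an added example (not ZyXEL code). The `Tunnel` class, the function names and all addresses are assumptions constructed for illustration; `ic_gateway_only` is a hypothetical contrast that matches on gateway IP alone, not a documented ZyWALL mode.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tunnel:
    name: str
    gateway_ip: str   # peer's security gateway IP as the ZyWALL sees it
    phase2_id: tuple  # network policy: (local network, remote network)

# Constructed sample table: PC1, PC2 and PC3 sit behind one NAT router, so
# all three tunnels share the same gateway IP (documentation address range).
NAT_IP = "203.0.113.10"
TUNNELS = [
    Tunnel("PC1-PC4", NAT_IP, ("10.0.0.4/32", "192.168.1.11/32")),
    Tunnel("PC2-PC5", NAT_IP, ("10.0.0.5/32", "192.168.1.12/32")),
    Tunnel("PC3-PC6", NAT_IP, ("10.0.0.6/32", "192.168.1.13/32")),
]

def ic_tunnel_mode(tunnels, gateway_ip, phase2_id):
    """Delete at most one tunnel: gateway IP and phase 2 ID must both match."""
    for i, t in enumerate(tunnels):
        if t.gateway_ip == gateway_ip and t.phase2_id == phase2_id:
            return tunnels[:i] + tunnels[i + 1:], [t]
    return list(tunnels), []  # no match: nothing is torn down

def ic_gateway_only(tunnels, gateway_ip):
    """Hypothetical contrast: match on gateway IP alone."""
    deleted = [t for t in tunnels if t.gateway_ip == gateway_ip]
    kept = [t for t in tunnels if t.gateway_ip != gateway_ip]
    return kept, deleted

def names(tunnels):
    return [t.name for t in tunnels]

if __name__ == "__main__":
    # PC1 reboots and sends IKE with IC; its phase 2 ID is the PC1-PC4 policy.
    pc1_policy = ("10.0.0.4/32", "192.168.1.11/32")
    kept, deleted = ic_tunnel_mode(TUNNELS, NAT_IP, pc1_policy)
    print("tunnel mode   deleted:", names(deleted), "kept:", names(kept))
    kept, deleted = ic_gateway_only(TUNNELS, NAT_IP)
    print("gateway only  deleted:", names(deleted), "kept:", names(kept))
```

With peers sharing one NAT address, the gateway-only match tears down every tunnel from that address, while the tunnel-mode match leaves the PC2 and PC3 tunnels up.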
Appendix 13 The mechanism of hose-based load balance feature
(1) A PC on the LAN side wants to download a file from a remote server on the Internet.
(2) ZyWALL 5 or ZyWALL 70 (multiple-WAN product with the Load Sharing feature in
Active/Active mode).
(3) The PC sends a request to "Update Server" through "WAN1".
(4) "Update Server" replies with a file list to the PC; the download address of the file is
"File Server". At the same time, "Update Server" informs "File Server" that a PC located
at the "WAN1" IP address will get the file from it.
(5) The PC knows the file address and retrieves the file through "WAN2".
(6) "File Server" expects the PC's IP to be "WAN1" instead of "WAN2", so it rejects the
PC's request.