Prestige 661H/HW Series User’s Guide
Appendix H VPN Setup 474
Figure 302 Menu 27.1.1.1: IKE Setup
Dialing the VPN Tunnel via SMT
If you would like to test whether the IPSec devices can build the IPSec tunnel before trying to
ping a computer, use the ‘ipsec dial n’ (where “n” is the number of the VPN rule) command
from the Command Interpreter - Menu 24.8 to have the IPSec device set up the tunnel.
Here is an example.
Copyright (c) 1994 - 2004 ZyXEL Communications Corp.
ras> ipsec dial 1
Tunnel built successfully!
VPN Troubleshooting
If the IPSec tunnel does not build properly, the problem is likely a configuration error at one of
the IPSec routers. The following steps will help you to rapidly identify and correct
configuration problems.
Log into the SMTs of both ZyXEL IPSec routers via telnet.
Position the telnet windows side-by-side and visually compare the configuration in Menu
27.1.1 (IPSec Rule) and Menu 27.1.1.1 (IKE Setup). Check the settings in each field
methodically and slowly.
Menu 27.1.1.1 - IKE Setup
Phase 1
Negotiation Mode= Main
Authentication Method= Pre-Shared Key
PSK= 12345678
Certificate= N/A
Encryption Algorithm= DES
Authentication Algorithm= MD5
SA Life Time (Seconds)= 28800
Key Group= DH1
Phase 2
Active Protocol= ESP
Encryption Algorithm= DES
Authentication Algorithm= SHA1
SA Life Time (Seconds)= 28800
Encapsulation= Tunnel
Perfect Forward Secrecy (PFS)= None
Press ENTER to Confirm or ESC to Cancel:
Press Space Bar to Toggle.
