This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ASL 5.200 and ZyWALL 2WE twin tunnel poroblem

Can anybody help with session disruption when  using dual tunnels.

Situation:
LAN1/LAN2  ASL  |CheckPoint FW|  ZyWALL2WE  RemLAN

Required:
Traffic from both LAN1 (172.16.0.0/16) and LAN2 (172.17.0.0/16) to RemLAN (172.31.3.0/24)

Implementation:
While on the ZyWALL it is not possible for LAN2 to be routed through the tunnel of the LAN1, 2 tunnels are defined. Same tunnel configs {PSK, Phase1: [3DES/MD5, DH2, 28800s], Phase2: (AES/SHA1, PFS-DH2, 14444s)}, only difference is LAN1 and LAN2 subnets.

Problem:
When rekeying is needed, on the remote side errors are reported about the rekey event, ie.  the ID is found to be invalid and the rekey is retried a couple of time followed by a complete renegotiation of both tunnels.
This leads to disruption of sessions that are open all day.

Is there a solution

This thread was automatically locked due to age.

0 Sascha_Paris over 20 years ago

[ QUOTE ]

Implementation:
While on the ZyWALL it is not possible for LAN2 to be routed through the tunnel of the LAN1, 2 tunnels are defined. Same tunnel configs {PSK, Phase1: [3DES/MD5, DH2, 28800s], Phase2: (AES/SHA1, PFS-DH2, 14444s)}, only difference is LAN1 and LAN2 subnets.

[/ QUOTE ]

Zyxel products work with AES ? I never had a such one...new Firmware ?

However, I have for all my ASL to Zyxel products Tunnels following configuration, that i found working well on all Zyxels:
{PSK, Phase1: [3DES/SHA1, DH2, 28800s], Phase2: (3DES/SHA1, NO PFS-DH2,28800s)}. And I always use "RANGE" to define a Subnet or Sinlge Host on ASL...otherwise I had compatibility issues with (older?) zyxel products (Subnet 192.168.1.0/24 ==> Range 192.168.1.0-192.168.1.255). (Older?) Zyxels also don't like all PSK's (only 32 chars, and some other restrictions...). On Zyxel I also always activate the "Keep alive" option...

Sascha [;)]
Cancel
Vote Up 0 Vote Down

Cancel