ZDL4.70 AAPI.0 - USG210 - SSLVPN disconnect right after connection

2»

All Replies

  • OTADMIN
    OTADMIN Posts: 15  Freshman Member
    First Comment Friend Collector Fourth Anniversary
    Hey,
    yesterday i updated to 4.71, but still have the same problem.
    The last months I used 4.65, but now we needed to update.

    I tried disabeling the 2FA, used easier password, ... but it didn't help.

    Secuextender log files attached.

    Going back to 4.65 isn't really an option because of the security risk.

    Thanks
  • GregD123
    GregD123 Posts: 1
    First Anniversary
    edited April 2022
    I had been having the same problem, although only with some remote users. Through a process of trial and error, what finally worked for us was unchecking the box that says, "Force all client traffic to enter SSL VPN tunnel" on the USG210 under SSL VPN Access Privilege. I also set the DNS Server 1 and DNS Server 2 to none, although I don't think that made a difference. It seems to work fine now for all remote users.
  • CHS
    CHS Posts: 181  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary
    OTADMIN, What's the log entries during issue occurs?
  • OTADMIN
    OTADMIN Posts: 15  Freshman Member
    First Comment Friend Collector Fourth Anniversary
    Hey GregD123, 

    the "Force all client traffic" is already unchecked, played with it, but no succes
    The same for DNS.

    @CHS, this is the log entrie I see. Not much information.


  • OTADMIN
    OTADMIN Posts: 15  Freshman Member
    First Comment Friend Collector Fourth Anniversary
    edited April 2022
    Update: our users login with their active directory account.
    If I create a local account, I can connect to the VPN
    Now figuring out why the AD connection doesn't work anymore.

    Update2: The AD connection gave "Wrond bind DN or Password", I changed the user, and that problem was solved.
    I also enabled SSL on port 636 like I found in USG-40 AD Auth "Wrong Bind DN or Base DN — Zyxel Community 
    Now the AD connection works again, but the VPN connection still have the same problem.
    Hopefully a reboot will solve it.
    In the meanwhile I can workaround the problem by creating a local VPN user on the firewall.
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,377  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary
    edited April 2022
    Hi @OTADMIN
    After confirming the AD auth server without password issue.
    You can make sure you allowed AD authentication group for login to device.

     

Security Highlight