USG Flex 100 L2TP VPN not letting me access shared folders of the LAN

Hi everyone I'm new here,

I'm learning how to configure a VPN with USG Flex 100 with guides I found around.

So, I have a server in my LAN (10.0.0.0/24) and I want the VPN users (192.168.50.0/24) to be able to access its shared folders. As of now it seems like they can't even see it.

Tried pinging some PC in the LAN but no response.

This is a NAT rule for the FTP to work from outside with our public IP.

Does anyone have any idea? Don't know if I should have posted something more useful; if so, just ask and I'll provide it ASAP.

Accepted Solution

  • Rgnvdjfgdfg
    Answer ✓

    I looked for it in Windows Defender Firewall and found this:

    Sorry but I'm a newbie and thanks a lot for helping me

All Replies

  • mMontana

    Does your server allow the communication to 192.168.50.0/24?

  • Rgnvdjfgdfg

    Sorry but I don't know what you mean; the folder is shared to "Everyone", if that answers it.

  • smb_corp_user

    "Everyone" is only local access via File & Folder Security Access (Share access or file/folder Rights). Does the server have its own OS Firewall and is that Firewall configured to allow traffic from 192.168.50.0/24 (foreign subnet)? Note also that some systems consider legacy services unsafe and can block them by default.
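The OS firewall check asked about in the reply above, as an added example that is not part of the original thread: on a Windows server, the built-in File and Printer Sharing rules are often scoped to `LocalSubnet`, so requests arriving from the VPN pool are dropped even though the share permissions allow "Everyone". The subnet comes from the thread; the rule group and display names are the English-language Windows ones and are an assumption about this server.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell on the file server.
# Assumptions: English-language rule names; VPN pool 192.168.50.0/24 as stated in the thread.
$VpnSubnet = '192.168.50.0/24'
$Group     = 'File and Printer Sharing'

# 1. Which firewall profile (Domain/Private/Public) applies to the LAN interface?
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 2. List the inbound sharing rules together with their remote-address scope.
$rules  = Get-NetFirewallRule -DisplayGroup $Group -Direction Inbound
$report = foreach ($r in $rules) {
    $addr = $r | Get-NetFirewallAddressFilter
    $port = $r | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Name          = $r.DisplayName
        Enabled       = $r.Enabled
        Profile       = $r.Profile
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort -join ','
        RemoteAddress = $addr.RemoteAddress -join ','   # 'LocalSubnet' excludes the VPN pool
    }
}
$report | Sort-Object Name | Format-Table -AutoSize

# 3. Extend the scope of the already-enabled SMB and ping rules only,
#    keeping the existing scope and adding the VPN subnet (not 'Any').
$targets = $rules | Where-Object {
    $_.Enabled -eq 'True' -and
    $_.DisplayName -match 'SMB-In|Echo Request - ICMPv4-In'
}
foreach ($r in $targets) {
    $current = @(($r | Get-NetFirewallAddressFilter).RemoteAddress)
    if ($current -contains 'Any' -or $current -contains $VpnSubnet) { continue }
    Set-NetFirewallRule -Name $r.Name -RemoteAddress ($current + $VpnSubnet)
}
```

If step 2 shows the SMB-In rule disabled for the profile reported in step 1, the scope is not the problem and step 3 changes nothing.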

  • Zyxel_Jeff

    Hello @Rgnvdjfgdfg

    Welcome to the Zyxel community. As for why L2TP clients (192.168.50.0/24) cannot access your internal server (10.0.0.0/24), here are some troubleshooting tips that you can refer to:

    1. Please check routing-related settings such as security policies, allowed local VPN policy, etc., to make sure L2TP clients (192.168.50.0/24) can access the internal server (10.0.0.0/24).
    2. When you cannot access the internal server, you can check Monitor > Log > View Log to see whether any messages were dropped and by what.
    3. Please make sure your internal server can be accessed; there could be a safe access protection on the internal server, and you could disable it.
    4. Capture packets on the internal server (10.0.0.0/24) to make sure it can receive requests from L2TP clients (192.168.50.0/24).

    If you have other questions in the future, we welcome your questions.

    Thanks.

  • Rgnvdjfgdfg

    As you suggested I created a policy route

    but I still can't either ping or access the LAN.

    In the log it says nothing about this; it was the first thing I checked.

    The server can be accessed; the first time I set up the VPN I could ping AND access the server without any problem. After that I tried disconnecting and reconnecting and it all stopped working.

    I tried capturing packets, but it's my first time doing it and it seems like nothing is arriving at the LAN.

  • Zyxel_Jeff

    Hello @Rgnvdjfgdfg

    Thanks for your update. Can you provide the remote Web-GUI link session to us for further checks by private message? We will send a private message later, please check your e-mail inbox. We would like to check your routing-related settings. Thanks.
