SSLVPN Intermittent connection to internal LAN
Have an odd issue that's appeared on a customer's USG 110 after updating the firmware to the latest version off the back of the recent security issues.
User connects OK to SSL VPN (which authenticates via internal AD). Once connected they cannot browse to the internal network shares. A ping to the server returns nothing and a check of the traffic from the SSL connection shows no outbound.
However, if the user then disconnects and reconnects the SSL VPN it works OK.
The randomness of this is some users connect first time with no issues and some hit this problem.
Given the connection through to the internal server does work when reconnected it suggests the routing and policy rules are good.
Has anyone else seen this behavior or can suggest possible causes?
All Replies
-
Thanks for reporting this case to us.
Your current running firmware version is V4.73P2, right?
While the SSL VPN client cannot access the internal network, could you help to check the below information for us?
- Issue the Windows CLI command "ipconfig" on your PC to see whether you already get the correct SSL VPN IP address from the USG110.
- Please try to continuously access and ping the internal IP address and capture the packets from (1) the SSL VPN client's PC, (2) the USG110 WAN interface, (3) the USG110 LAN interface, and (4) the internal PC, to see whether the traffic flow is correct.
- Navigate to USG110's Monitor Log to see whether there is any blocked message for UTM or a specific security policy.
Please share the test results (screenshot, packet file, Monitor Log) with us.
Thank you!
0 -
Thanks for the response @Zyxel_Jeff, next time I get an occurrence report I'll run these checks. I know from the previous occurrences that likely the ping traffic is being blocked or gets lost on the way back as the inbound count increases while outbound does not - so this would point to an outbound policy or its ordering as a potential source of the problem.
However, as I mentioned the issue is odd (frustrating) in that if the user disconnects the VPN and then reconnects it, they can browse to the internal server shares and inbound/outbound traffic looks quite normal. It would be great if it either worked or didn't and not the in-between state it currently is!
0 -
OK, got it! Thanks for your update for us.