SSLVPN Intermittent connection to internal LAN

Options
TriLanSupport
TriLanSupport Posts: 15  Freshman Member
First Anniversary 10 Comments Friend Collector
edited June 2023 in Security

Have an odd issue that's appeared on a customers USG 110 after updating the firmware to latest version off the back of the recent security issues.

User connects OK to SSL VPN (which authenticates via internal AD). Once connected they cannot browse to the internal network shares. A ping to the server returns nothing and a check of the traffic from the SSL connection shows no outbound.

However, if the user then disconnects and reconnects the SSL VPN it works OK.

The randomness of this is some users connect first time with no issues and some hit this problem.

Given the connection through to the internal server does work when reconnected it suggests the routing and policy rules are good.

Has anyone else seen this behavior or can suggest possible causes?

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,101  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @TriLanSupport

    Thanks for reporting this case to us.
    Your current running firmware version is V4.73P2, right?
    While the SSL VPN client cannot access the internal network, could you help to check the below information for us?

    1. To issue Windows CLI "ipconfig" on your PC to see whether you already get the correct SSL VPN IP address from the USG110.
    2. Please try to continuously access and ping the internal IP address and capture the packet from (1).the SSL VPN client's PC (2).USG110 WAN interface (3). USG110 LAN interface (4). The internal PC
      To see whether the traffic flow is correct.
    3. Navigate to USG110's Monitor Log to see whether there is any blocked message for UTM or a specific security policy.
      Please share the test results(screenshot, packet file, Monitor Log) with us.

    Thank you!

  • TriLanSupport
    TriLanSupport Posts: 15  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options

    Thanks for the response @Zyxel_Jeff, next time I get an occurrence report I'll runs these checks. I know from the previous occurrences that likely the ping traffic is being blocked or gets lost on the way back as the inbound count increases while outbound does not - so this would point to an outbound policy or it's ordering as a potential source of the problem.

    However, as I mentioned the issue is odd (frustrating) in that if the user disconnects the VPN and then reconnects it, they can browse to the internal server shares and inbound/outbound traffic looks quite normal. It would be great if it either worked or didn't and not the in-between state it currently is!

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,101  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @TriLanSupport

    OK, got it! Thanks for your update for us.

Security Highlight