SSLVPN Intermittent connection to internal LAN
Freshman Member
Have an odd issue that's appeared on a customers USG 110 after updating the firmware to latest version off the back of the recent security issues.
User connects OK to SSL VPN (which authenticates via internal AD). Once connected they cannot browse to the internal network shares. A ping to the server returns nothing and a check of the traffic from the SSL connection shows no outbound.
However, if the user then disconnects and reconnects the SSL VPN it works OK.
The randomness of this is some users connect first time with no issues and some hit this problem.
Given the connection through to the internal server does work when reconnected it suggests the routing and policy rules are good.
Has anyone else seen this behavior or can suggest possible causes?
All Replies
-
Thanks for reporting this case to us.
Your current running firmware version is V4.73P2, right?
While the SSL VPN client cannot access the internal network, could you help to check the below information for us?- To issue Windows CLI "ipconfig" on your PC to see whether you already get the correct SSL VPN IP address from the USG110.
- Please try to continuously access and ping the internal IP address and capture the packet from (1).the SSL VPN client's PC (2).USG110 WAN interface (3). USG110 LAN interface (4). The internal PC
To see whether the traffic flow is correct. - Navigate to USG110's Monitor Log to see whether there is any blocked message for UTM or a specific security policy.
Please share the test results(screenshot, packet file, Monitor Log) with us.
Thank you!
0 -
Thanks for the response @Zyxel_Jeff, next time I get an occurrence report I'll runs these checks. I know from the previous occurrences that likely the ping traffic is being blocked or gets lost on the way back as the inbound count increases while outbound does not - so this would point to an outbound policy or it's ordering as a potential source of the problem.
However, as I mentioned the issue is odd (frustrating) in that if the user disconnects the VPN and then reconnects it, they can browse to the internal server shares and inbound/outbound traffic looks quite normal. It would be great if it either worked or didn't and not the in-between state it currently is!
0 -
OK, got it! Thanks for your update for us.
0
Zyxel Employee
Categories
- All Categories
- 393 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 51 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 906 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 220 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 63 Security Highlight
