SSL VPN Tunnel connects, but cannot RDP

JLB Posts: 2
edited April 2021 in Security
I have followed twenty sets of instructions (all outdated) for my USG 110 device to get my remote clients to connect via SSL to this main office VPN. The tunnel now connects and assigns a correct address for my remote user, the VPN monitor shows it connected with a valid address, but I am still unable to RDP. The VPN monitor shows outgoing bytes (260), but the SecuExtender shows 0 bytes received.

What am I doing wrong? 

All Replies

  • Michael8639
    Did you install the SecuExtender client software on the users' PC(s)?
    You won't be using RDP to connect with SSLVPN.
  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    Regarding the issue of the RDP connection being lost inside the SSL VPN tunnel,
    I will send you the firmware via private message. Please have a check.
  • JLB
    JLB Posts: 2
    Yes, I did install the SecuExtender client software. That is what is telling me (via the Status tab) that I am sending, but not receiving bytes and packets.

    The firmware was updated to the latest version (V4.33(AAAA.0)/2019-01-09 09:37:31) before I did anything else. I have not received any firmware via private messaging.

    So much for easy management....  I have wasted literally days trying to configure this thing to simply allow my Sales people on the road to be able to VPN in and RDP their local machines.  It took me less than a day with the Cisco box that died. 
  • Zyxel_Vic
    Zyxel_Vic Posts: 281  Zyxel Employee
    Hi @JLB
    My colleague Zyxel_Charlie should have sent you the firmware on April 2nd. Can't this firmware help?
    Does the RDP connection issue still exist?
  • Parnell
    Parnell Posts: 1
    This is pretty old, so I hope you figured it out, but for anyone else...

    I think you need to make sure you have port 3389 open in the SSL VPN security policy.  I tried it with only 80 & 443 open, and had the same issue where I could connect with SecuExtender, but couldn't initiate an RDP session.
  • USG_User
    USG_User Posts: 369  Master Member
    edited August 2021
    Please note the latest FW for USG is 4.65 and SecuExtender is 4.0.4.

    Have you created at least a self-signed certificate on the USG, which is to be installed on all Windows clients? This avoids a Windows security warning both when connecting to the SSL VPN and later to the RDP host.

    Have you enabled the "network extensions (full tunnel mode)" in the SSL VPN settings?

    Which security policies do you have in place for the SSL VPN tunnel? In our USG110 we have 3 rules:
    1. SSL VPN "dial in"-rule from WAN to ZyWall calling the special configured SSL VPN port
    2. SSL VPN "incoming" rule, from SSL_VPN to LAN1, all ports, restricted to SSL VPN Group members
    3. SSL VPN "outgoing" rule, from LAN1 to SSL_VPN, all ports, all users

    Are you trying to connect to the RDP remote host by computer name or IP address? Although NetBIOS Broadcast over SSL VPN Tunnel is activated, we are connecting by IP address to the remote RDP host.

    Finally RDP works fine with us.
  • Michael8639
    Did you create a rule allowing SSLVPN to LAN subnets (or host IP, if you want just access to one server)? Can you ping anything on the LAN?
  • Michael8639
    Here's the how-to PDF I used, hope it helps.