Cannot remote manage USG20W-VPN after establishing SecuExtender connection
Not sure what is going on with my system. I can establish a VPN Connection with SecuExtender (and I also tried L2TP) and everything looked "connected". However, when I open a browser to the LAN IP of the USG20 (10.255.1.1), I am not able to login, or even see a login screen. However, I am able to access the USG20 GUI by HTTPs:// to the realIP of the wan(if I open the firewall for WWW to any -any - -allow). I am running the latest code. and I have the SSL VPN rule to allow access to LAN1
All Replies
-
Enable “Force all client traffic to enter SSL VPN tunnel” and it will work.
1 -
Welcome to Zyxel Community 😎
If it is still not working, you may check the security policy, it supposed to have a rule from SSL VPN to ZyWall.
When you access device Web GUI from SSL VPN, traffic goes to this rule.
CONFIGURATION > Security Policy > Policy Control.
0 -
With “Force all client traffic to enter SSL VPN tunnel” enabled I have no rule from SSL_VPN to ZyWALL and I still get to the GUI.
0 -
It could be have a firewall rule from Any to ZyWall, or the default rule is allow.
0 -
Nope I don't have from Any to ZyWall, or the default rule is allow its set to deny
This might be bug because “Force all client traffic to enter SSL VPN tunnel” is not doing that I have the SSL VPN with range 192.168.139.1-192.168.139.14 the client before connecting to the SSL VPN is 192.168.255.193 when is go to https://192.168.255.202 with the SSL VPN connected it does not go down the SSL VPN it goes from 192.168.255.193 to 192.168.255.202.
But shouldn't “Force all client traffic to enter SSL VPN tunnel” force 192.168.255.202 to go down the SSL VPN?
Edit: Thinking about more this might not be a bug.
0 -
Back to AllFlashGordon if you have to SSL VPN with like range 192.168.139.1-192.168.139.14 if you when connected you enter https://192.168.139.1 with from SSL_VPN to ZyWALL and WWW to allow SSL_VPN you can login
0 -
@PeterUK I have the IP range for SSL different than that of LAN1, as it is recommended to setup with a different subnet.
I tried and confirmed all the above, and no luck
0 -
Try https://10.255.0.10 or range for assign IP pool 10.255.0.1 – 10.255.0.20 https://10.255.0.1
0 -
For some reason your client IP is 10.255.0.10 when that should be reserved for the gateway.
Can you test with the SecuExtender for windows app
0 -
Ok found the reason when at VPN > SSL VPN page click Global settings tab and enter for Network extension local IP 10.255.0.10 and apply.
Now go to
😎
0
Guru Member
Zyxel Employee
Categories
- All Categories
- 384 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 78 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 908 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 898 Nebula FAQ
- 415 Security FAQ
- 234 Switch FAQ
- 205 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight
