VPN SSL: unable to access a server folder

Matt10669

Hi

I need to connect a remote PC to an internal server folder. My LAN is a domain network type and I'm running a USG 1100. I've configured the SSL VPN in the firewall and the remote PC is connected successfully to the firewall. SecuExtender shows:

Client IP: 192.168.200.11
Server IP: 217.xxx.xxx.xxx
DNS: 192.168.0.2, 8.8.8.8
Route/s: 192.168.0.0/24

I can ping all the LAN PCs from the remote PC, so I guess everything is correct, but I can't access the server folder. If I type \\192.xxx.x.x (the server IP) nothing happens.
All the Network Extensions are flagged and the DNS1 is the Zywall. Maybe I'm forgetting something about domain or network permissions? Thanks in advance for all the help.

All Replies

  • PeterUK
    edited October 27

    This would be Windows file share?

    So the server is on 192.168.0.0/24; the remote PC must not be on that IP subnet too?

    File share would be port 445 when you do \\192.xxx.x.x; is this allowed by the USG?

    Does the server have its gateway set on it and firewall to allow from remote 192.168.200.11 to port 445?

    If you do a packet capture on the server, do you see the incoming SYN?

  • Matt10669

    Hi,

    So the server is on 192.168.0.0/24; the remote PC must not be on that IP subnet too?
    The remote PC is on a DHCP network

    File share would be port 445 when you do \\192.xxx.x.x; is this allowed by the USG?
    I don't know, how can I open that port?

    Does the server have its gateway set on it and firewall to allow from remote 192.168.200.11 to port 445?
    Server gateway is 192.168.0.1

    If you do a packet capture on the server, do you see the incoming SYN?
    I don't know

    Thank you

  • PeterUK

    The remote PC before SSL VPN connects must not be on 192.168.0.0/24 by DHCP

    Your SSL VPN will be set to a Zone, normally "SSL_VPN"; you need to make a Policy control rule from SSL_VPN to your server LAN zone.

    You can get Wireshark

    Wireshark • Go Deep | Download

    Before capture put in main filter

    port 445

  • Matt10669
    edited October 28

    Can't install Wireshark on a Win 2012 server. It seems like the client doesn't have the authorisation to access the folder. Maybe it's due to the domain network? Strangely enough, it worked the first day I configured the VPN. From the second day on it stopped working.

  • PeterUK

    Ok you can packet capture on the USG for the given port to see if the SSL client is sending SYN to server.

  • Matt10669
    port statistic.jpg

    I don't see traffic on port 445. What do you think about it?

  • PeterUK
    edited October 29

    That's Statistics. Go to Maintenance > Diagnostics > Packet Capture tab, move the interface your server is on to be captured, put in host port 445 and click capture.

    On the remote PC do \\192.168.x.x for your server IP, then stop the capture, go to the file tab, view the .cap file and look for the SSL remote IP.

    Also, is the remote PC before SSL VPN connects not on 192.168.0.0/24 by DHCP?

  • Matt10669

    Also, is the remote PC before SSL VPN connects not on 192.168.0.0/24 by DHCP?

    no

  • PeterUK
    edited October 30

    So there are two connections with there being SYN, SYN ACK and ACK, so it looks like the server is not allowing access to the file share.

    Are the client and server on the same workgroup name?

    If needed you could run an FTP server instead.
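
The capture reading used in the thread (is a SYN to port 445 seen, is it answered, does SYN / SYN ACK / ACK complete) can be automated; the following is an added example, not part of the original posts. It assumes the .cap file has been exported as tcpdump-style text, and the server address 192.168.0.10, the sample lines and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample: tcpdump-style text of a capture filtered on port 445.
# 192.168.200.11 is the SSL VPN client IP from the thread; 192.168.0.10 is a
# placeholder for the file server, whose address the thread does not give.
SAMPLE = """\
10:00:01.000100 IP 192.168.200.11.50123 > 192.168.0.10.445: Flags [S], seq 100, win 64240, length 0
10:00:01.000900 IP 192.168.0.10.445 > 192.168.200.11.50123: Flags [S.], seq 900, ack 101, win 8192, length 0
10:00:01.021000 IP 192.168.200.11.50123 > 192.168.0.10.445: Flags [.], ack 901, win 1024, length 0
10:00:04.000100 IP 192.168.200.11.50124 > 192.168.0.10.445: Flags [S], seq 200, win 64240, length 0
10:00:07.000100 IP 192.168.200.11.50124 > 192.168.0.10.445: Flags [S], seq 200, win 64240, length 0
"""
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

# What each handshake outcome points to, following the thread's reasoning.
HINTS = {
    "no-syn": "nothing reached this interface: check the VPN route and the SSL_VPN-to-LAN policy rule",
    "incomplete": "handshake did not complete: check the server's gateway and host firewall for port 445",
    "refused": "server reset the connection: port 445 is closed or blocked on the host",
    "established": "network path is fine: look at share permissions and credentials",
}

def classify(capture, client, server, port=445):
    """Map each client source port to how far its TCP handshake got."""
    seen = defaultdict(set)
    for src, sport, dst, dport, flags in LINE.findall(capture):
        if (src, dst, int(dport)) == (client, server, port):      # client -> server
            seen[int(sport)].add("syn" if flags == "S" else "c-rst" if "R" in flags else "ack")
        elif (src, int(sport), dst) == (server, port, client):    # server -> client
            seen[int(dport)].add("rst" if "R" in flags else "synack" if flags == "S." else "data")
    verdicts = {}
    for cport, events in seen.items():
        verdicts[cport] = ("established" if {"syn", "synack", "ack"} <= events
                           else "refused" if "rst" in events else "incomplete")
    return verdicts

def diagnose(capture, client, server, port=445):
    """Return (verdict, hint) for the capture as a whole, best outcome first."""
    verdicts = set(classify(capture, client, server, port).values())
    for v in ("established", "refused", "incomplete"):
        if v in verdicts:
            return v, HINTS[v]
    return "no-syn", HINTS["no-syn"]

if __name__ == "__main__":
    print(diagnose(SAMPLE, "192.168.200.11", "192.168.0.10"))
```
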