VPN Access

damianodec
damianodec Posts: 42  Freshman Member
First Comment Friend Collector First Anniversary
edited April 2021 in Security

Hi,

thanks to this link: https://www.youtube.com/watch?v=piUP7P3Vu1M I opened a VPN IPSec client to site on my USG40 and by Zywal IPSec VPN Client I can to access.

My question is, how many simultaneous accesses can I make from different client PCs?

thank you.

All Replies

  • Alfonso
    Alfonso Posts: 257  Master Member
    5 Answers First Comment Friend Collector Second Anniversary

    Hi @damianodec

    I understand the maximum number of VPN is 20 including gw to gw and client to gw.


    Source:


    Regards

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @damianodec,

    The maximum concurrent IPsec VPN tunnels on USG40 is 20.

    Here are the specifications for your reference.

    https://www.zyxel.com/products_services/Unified-Security-Gateway-USG40-40W-60-60W/comparison#specifications

  • damianodec
    damianodec Posts: 42  Freshman Member
    First Comment Friend Collector First Anniversary

    hi @Zyxel_Emily and @Alfonso , thank you.

    another question.

    To use VPN I have to open 443 port, is it right?

    But in this way I open access from internet to my usg40 and then all users can open it by browser with ip public and port (xxx.xxx.xxx.xxx:443).

    Am I wrong? are there others way?

    thank you!

  • mMontana
    mMontana Posts: 1,389  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary

    @damianodec you are wrong. At least... Trying to explain.

    USG40 supports 3 different (2+1 actually) kinds of VPN Connections

    • SSL VPN, which needs the SecuExtender client AND port 443 reachable from clients
    • IPSec VPN, which usually is used by gateways and VPN Client (now SecuExtender, once, IPSec Client. Ports 500 and 4500 (most of times) UDP reachable from clients
    • L2TP VPN, which is a subset of IPSec VPN; not the fastest thing to set under windows, it needs all the ports necessaries to IpSec plus 1701 UDP, used by client-less connection and available on most OS mobile and desktop/laptop

    SSL VPN concurrent connections are limited by license installed: 5 by default, 15 if you by the licence.

    I don't know if 20 IPSec concurrent tunnels are intended as connections or as gateways. Hope that @Zyxel_Emily can ease the doubt.

    If you're willing to protect admin interface, consider to create a L2TP Gateway (there is plenty of documentation on how to create gateway, connection and more other interesting things) and use Firewall rules to create the right perimeter of access to your devices/networks.

    If you are in Italy maybe i can professionally support you.

  • damianodec
    damianodec Posts: 42  Freshman Member
    First Comment Friend Collector First Anniversary

    hi @mMontana

    thank you,

    If I try Quick setup - VPN Setup Wizard, does it create another VPN connection ? the other VPN connections still work ? or overwrites ?

    thank you.

    (yes I'm in Italy and if necessary I'll ask you for professionally support)

  • mMontana
    mMontana Posts: 1,389  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary

    I don't know, i'm sorry. I never use Quick Setups or Wizards.

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,396  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments

    Hi @damianodec, @mMontana,

    The maximum concurrent IPsec VPN tunnels on USG40 is 20 which includes site-to-site VPN, L2TP over IPSec VPN and client-to-site IPSec VPN.

  • Implosion
    Implosion Posts: 1  Freshman Member
    First Comment
    edited July 2020
    Can anyone be so kind as to help me set up my ProtonVPN? Verizon is messing with me through Fios -- I *can* connect -- NO internet.

    The only errors are:



    I've been troubleshooting with sporadic success for days... They're even messing with my 4G service -- trying to prevent me from getting to sites like this on my phone. It's literally taken me nearly an hour to post this. Please help ? 

    Does anyone need a sincere Thank You and some good Karma?

Security Highlight