Lost SSL Connection - after firmware upgrade from 4.38 on ZyWall 110 to 4.60
Hi @IPCETRIXYou may double confirm your SSL VPN IP pool and Network extension local IP without IP subnet conflict with your interfaces.
And then you can make sure SecuExtender has installed successfully on your PC. (TAP-Windows Adapter V9 for Zyxel Extender has installed successfully)0
But may the SSP IP Pool and the Local Network Extension IP Address be of the same subnet (of course without conflict)?For example, our USG Local Network Extension IP reads 192.168.200.1 while the SSL IP Pool is from 192.168.200.10 to 192.168.200.50.Unfortunately the term Local Network Extension IP is not really good explained in user manual.edit:At least both our SSL VPN and IPSec VPN are still running after firmware update from 4.39 to 4.60(AAPH.1)
Local Network Extension IP address is a virtual interface on device.
After SSL VPN is established, SSL VPN client traffic will send to virtual interface.
You can check routing table, you will find the extension IP as a gateway in the list.
And it is the reason IP shouldn’t conflict.
IPCETRIX Posts: 3Hi!
Thank you all for your professional advice.
Apparently from the firmware 4.39 and above ZyXel restrict all users from Admin group to use SSL.
Don't ask me why as I have no explanation. Moving user from Admin to User group resolve the problem.
Second issue was that we shift HTTPS listening port from 443 to XX443 for remote access to web interface from specific IPs, however SSL VPN continue listen to port 443. From firmware 4.39 Zyxel bind both services. You need to set the same port in SecureExtender as it in WWW setting.
It’s good to know you can establish SSL VPN tunnel.
We have restricted admin type user to establish SSL VPN tunnel.
In the future, we has planed to change SSL VPN port to others.
Then WebGUI and SSL VPN will listen in different ports.0
We've changed the SSL VPN Access Port from 443 to XX443 in SYSTEM > WWW. Further we've denied the access to Admin GUI from any other zones than internal LAN1. Works fine since many months.
- 8.5K All Categories
- 1.6K Nebula
- 71 Nebula Ideas
- 57 Nebula Status and Incidents
- 4.5K Security
- 226 Security Ideas
- 981 Switch
- 46 Switch Ideas
- 874 WirelessLAN
- 22 WLAN Ideas
- 5.1K Consumer Product
- 157 Service & License
- 280 News and Release
- 98 Success Stories
- 59 Security Advisories
- 13 Education Center
- 580 FAQ
- 263 Nebula FAQ
- 160 Security FAQ
- 76 Switch FAQ
- 74 WirelessLAN FAQ
- 7 Consumer Product FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 69 About Community
- 46 Security Highlight