USG40 IPSec VPN : some TCP protocols are blocked
Hi,
We have an IPsec gateway configured on a USG40W behind a VDSL router.
I connect to this VPN from an Ubuntu laptop with Shrew VPN client.
Many protocols have no problems, e.g. SSH, Telnet, HTTP/S over various ports, MySQL...
But I have problems (connections hang) with:
- Oracle databases (TCP 1521)
- GIT server over SSH (SSH access to the server is OK)
- the USG40W admin page (after login it hangs on https://xxx.xxx.xxx.xxx:4443/cgi-bin/zysh-cgi)
Any idea?
Franck
0
Comments
-
Hi @flefabure,
Once the VPN is established, the IP layer routing should be okay to forward the packets to Intranet.
If it fails on a specific service port, it could be affected by a security policy rule.
Can you check the security rule log on the USG? Is there any packet blocking log?
0 -
Hi @Zyxel_Cooldia, thanks for your answer,
I meet the problems when connected from my home's ADSL.
Today I'm at the office, with the same laptop, so to answer your question, I tried to reproduce the problem with these steps:
- disconnect laptop from the office's LAN
- connect it to Internet through a 4G connection (with my mobile internet sharing)
- mount the VPN
- access one of the blocking resources.
==> They are now all accessible! The problem seems gone.
It's weird because when I'm at home the problem is totally reproducible.
So it doesn't look like a firewall problem. That sounds like something like an MTU problem, or related (but I'm not a network specialist).
0 -
Hi @flefebure,
Do you have a packet capture on the server side (service-side packet trace) when you use the VPN to connect to the Oracle databases and GIT server from home?
Just want to confirm whether the server receives the specific port connection packets from the VPN client.
0
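The MTU hypothesis raised in the thread can be checked from the Ubuntu client while the tunnel is up, once on the home ADSL line and once on 4G. The script below is an added example, not part of any post above: it binary-searches for the largest ICMP payload that crosses the tunnel with the Don't Fragment bit set. It assumes Linux iputils `ping`, an intranet host that answers ICMP, and a hypothetical `TARGET` environment variable holding that host's address.

```shell
#!/usr/bin/env bash
# Added example: measure the usable path MTU through the VPN tunnel.

# probe SIZE HOST: succeeds when one DF-flagged ping with SIZE payload bytes is answered.
probe() {
    ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# largest_payload HOST [LOW] [HIGH]: binary search for the biggest payload that passes.
# Prints -1 when no probe succeeds (host down or ICMP filtered).
largest_payload() {
    local host=$1 lo=${2:-0} hi=${3:-1472} mid best=-1
    while [ "$lo" -le "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if probe "$mid" "$host"; then
            best=$mid
            lo=$(( mid + 1 ))
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$best"
}

# path_mtu PAYLOAD: add the 20-byte IPv4 header and 8-byte ICMP header.
path_mtu() { echo $(( $1 + 28 )); }

# tcp_mss MTU: subtract the 20-byte IPv4 and 20-byte TCP headers (no options).
tcp_mss() { echo $(( $1 - 40 )); }

# Runs only when TARGET (assumed name) is set, e.g. TARGET=<intranet host> ./pmtu.sh
if [ -n "${TARGET:-}" ]; then
    p=$(largest_payload "$TARGET")
    if [ "$p" -lt 0 ]; then
        echo "no DF-flagged ping was answered; host down or ICMP filtered" >&2
        exit 1
    fi
    m=$(path_mtu "$p")
    echo "largest unfragmented payload: $p bytes"
    echo "path MTU: $m bytes, TCP MSS that fits: $(tcp_mss "$m") bytes"
fi
```

A noticeably smaller result on the ADSL line than on 4G would support the MTU explanation; equal results point elsewhere, and the server-side capture requested above remains the next step.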