New SSL VPN connection Setup//unable to connect from remote client
Hi-
I am trying to set up a VPN connection for a client using a USG Flex 50W (USG20W-VPN) router. I have run through the configuration steps for an SSL VPN, and downloaded the SecuExtender VPN client on a local Windows 10 Pro machine. However, I am unable to connect remotely. I have installed the latest firmware. Is there a log file I can attach, and if so, where/how do I generate the log file?
If SSL VPN is not the correct VPN setup I need, please advise. The network is a small workgroup with a computer sharing files. There is no domain/AD. The remote client just wants to be able to access files remotely via the VPN. The client will be using a macOS laptop to connect, but I wanted to test the VPN configuration first via my Windows machine. I do not have a firewall running locally that would interfere with trying to connect to the VPN router.
0
All Replies
-
Does the USG have the WAN IP or is it behind NAT?
You may need to allow a firewall rule from WAN to Zywall HTTPS, or you can change this port if needed and connect by IP:port.
1 -
The USG has a WAN IP. This is also the address I have been using to try and connect. It seems to have made some progress: I added the WAN firewall for HTTPS, and at least now I get a prompt stating the connection is untrusted. If I click Yes it disconnects; No, it disconnects.
I created a self-signed certificate, but I am not seeing where I can set up a CA to validate, or add the cert to SecuExtender. Please advise?
0 -
I've attached a log file from SecuExtender I found on the workstation I'm trying to connect with.
0
-
Well, it seems I found where to change the cert au for www, and I now cannot access the web portal to make changes to the device. I take it I'm going to have to reset to defaults to get access back to the web interface?
0
-
Hi @dwestman
Kindly check that there is no overlapping IP address (example: interface/routing) with the Network Extension Local IP.
If the issue still persists, could you provide WebGUI access and a test account for us in Private Messages?
Kevin
0 -
Thanks Kevin- As I stated prior, I am unable to access the web portal, even from inside the network. Changing the Cert Au has made the internal website inaccessible. The local LAN IP is the 192.168.1.1 address. The Network Extension IP is set to the 192.168.200.1 address; however, I've never heard of this configuration. The IP range I set for my DHCP pool is 192.168.200.10-25. Should this be set to a different subnet?
I believe I was finally getting access to the SSL VPN; however, certificate settings need to be modified so that it self-authorizes users. I created a cert, I just need to know the proper settings to make that final handshake. However, I'm not opposed to IPsec or L2.. I just know the client will need split tunneling.
I have been configuring this through a remote connection to a workstation inside the network. I will have to reset the device to defaults unless you can think of another way to regain access to the web portal interface, which I physically won't be onsite and able to do until later in the week.
Quick question: Can I set a MAC address mask on the device when setting up a static IP address for the WAN?
0 -
You don't need to make a certificate unless you want to; the default, even expired, will work. Clicking yes to the usg20w-vpn_5CE28C60B2B6 should have made a connection.
Set the VPN to another range; you want any subnet on the USG and the remote PC by SSLVPN to not match.
You will need to reset the USG if locked out, or use console/SSH to disable HTTP to HTTPS and log in by HTTP:
configure terminal
no ip http secure-server force-redirect
0 -
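The overlap checks asked for in the replies above (Network Extension Local IP against interface/routing subnets, and USG subnets against the remote PC's subnet), as an added example that is not part of any reply in this thread. The addresses are the ones quoted in the thread; the /24 masks and the remote PC's LAN are assumptions made for illustration.

```python
import ipaddress

def pool_blocks(first, last):
    """CIDR blocks that exactly cover an inclusive first..last address pool."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def find_conflicts(gateway_nets, pool, extension_ip, remote_nets):
    """List address-plan conflicts for an SSL VPN setup.

    gateway_nets / remote_nets: {name: CIDR} on the gateway and at the remote PC.
    pool: (first, last) of the SSL VPN client pool.
    extension_ip: the Network Extension Local IP.
    """
    nets = {name: ipaddress.ip_network(cidr, strict=False)
            for name, cidr in {**gateway_nets, **remote_nets}.items()}
    blocks = pool_blocks(*pool)
    ext = ipaddress.ip_address(extension_ip)
    conflicts = []
    for name, net in nets.items():
        # The extension IP must not sit inside an interface or remote subnet.
        if ext in net:
            conflicts.append(f"extension IP {ext} falls inside {name} {net}")
        # The client pool must not overlap one either.
        if any(block.overlaps(net) for block in blocks):
            conflicts.append(f"VPN pool {pool[0]}-{pool[1]} overlaps {name} {net}")
    # A gateway subnet that matches the remote PC's own LAN is never routed
    # through the tunnel, because the remote PC treats it as local.
    for g in gateway_nets:
        for r in remote_nets:
            if nets[g].overlaps(nets[r]):
                conflicts.append(f"{g} {nets[g]} matches remote {r} {nets[r]}")
    return conflicts

# Values quoted in the thread; the /24 mask is an assumption.
THREAD_GATEWAY = {"lan1": "192.168.1.1/24"}
THREAD_POOL = ("192.168.200.10", "192.168.200.25")
THREAD_EXT = "192.168.200.1"
# Constructed sample: a remote PC on a home router using the same default LAN.
REMOTE_HOME = {"remote-pc-lan": "192.168.1.0/24"}

if __name__ == "__main__":
    for line in find_conflicts(THREAD_GATEWAY, THREAD_POOL, THREAD_EXT,
                               REMOTE_HOME) or ["no conflicts"]:
        print(line)
```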
I agree PeterUK,
about the certificate: unfortunately, upon hitting yes to the untrusted network, the connection disconnects and loops back to the same status message when trying to reconnect.
I designated the VPN DHCP pool to start originally at 192.168.20.10-25; the global IP was 192.168.200.1. I then changed the VPN DHCP pool to 192.168.200.10-.25
while the internal LAN DHCP was 192.168.1.1//
Are you suggesting I should change the IP range to a 10.x.x.x or a 172.x.x.x range instead? Does the global IP have to match in the same range?
I will have to hard reset the device as I have been trying to configure this through a remote session.
0 -
Hi @dwestman,
You might log in to the WebGUI after performing the following command:
Router(config)# no ip http secure-server auth-client
Meanwhile, please check that SSLVPN can work.
Kevin
0 -
Hi @dwestman,
Thanks for your time today. I think the issue is resolved after the remote session.
On the other hand, please install the next weekly for fixing the SSLVPN issue.
Please feel free to contact us if you need any assistance.
Thank you
Kevin
0