SSL VPN
I have set up SSL VPN and as a user I can connect. However, the client is not getting an IP address from the Zyxel 110. The firewall LAN1 IP scope is 192.168.11.1 - .254, with a DHCP range of 192.168.11.10 - .254. When an SSL VPN client connects it shows connected, however the IP address given is 192.168.11.0 .... and nothing from the DHCP range. I am using SSL VPN client v4.0.3.0 and the firmware on the firewall is v.4.33 (AAAA.0).
All Replies
-
Disregard, I figured out the issue. The SSL VPN requires an assigned IP pool that is not on the local LAN1 scope. I created a Virtual Scope under LAN1 and then added that as a RANGE in Object/Addresses. Once that was done, I connected back to the SSL VPN and was handed out an IP within the Virtual Scope and life was good.
-
Hi @Ricky
The VPN (SSL VPN/L2TP VPN) pool can't overlap with other interfaces; otherwise the traffic is unable to pass into the VPN tunnel successfully.
It's good to hear you found the reason for it.
0 -
I have a similar issue where the VPN connects and I get 192.168.201.100 and the server is 192.168.200.1 but I keep getting an ACCESS BLOCK in the log when 201.100 tries to talk to 200.1. What is the issue, please?
0 -
Hi @DACataldo ,
Greeting Forum, the default Network Extension Local IP is also 192.168.200.1. It should not overlap with your local subnet.
Please kindly change the IP from 192.168.200.1 to another one. Thanks
0 -
Thank you for your reply. My global setting looks like yours. My subnet is 201 not 200 in the VPN config - do you mean like this?
Thank you so much!
0 -
Hi @DACataldo ,
Yes, I mean replace the global extension IP from 192.168.200.1 to 192.168.X.X, which is not used in your subnet.
Address 192.168.200.1 is the same as your DNS server.
0 -
Thank you for helping. Now it gives me access to the WINS server (10.10.1.14) and also the internet. Still blocking everything else on the 10.10.1.0/24 network though. They get blocked by the default rule. What rule am I missing? Perhaps I should pay for Zyxel advice? What is the correct Zyxel phone number that I am supposed to call to pay for someone to fix this for me? Thank you.
0 -
Hi @DACataldo ,
Please kindly check:
1) You have the correct Zone for the SSL VPN settings
2) You have a default policy from the SSLVPN zone to any
If the issue persists, we can have a remote session at 08:00~17:00 (UTC+8). Thank you
0 -
Thank you again for your response! Here is my SSL VPN policy and below that are my security policies:
It seems to have access to a couple IP addresses on 10.10.1.0/24 and no access to most of that network. And I am using SecuExtender 4.0.4.0 - should I be using 4.0.3.0?
Thank you again!
Dave
0 -
Hi @DACataldo ,
Could you provide remote GUI access for us?
I sent you my public IP by private message. You may only allow those for access.
0
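The overlap rule given in the replies above (the SSL VPN pool must not overlap any interface subnet, and the Network Extension Local IP must not sit in a local subnet or match a server such as DNS) can be checked before the settings are applied. This is an added example, not part of the thread and not Zyxel code; the function names, the lan1 address in the second plan and the pool end address are assumptions constructed around the addresses quoted in the posts.

```python
import ipaddress

def pool_networks(first, last):
    """Expand an inclusive RANGE address object into CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def check_ssl_vpn_plan(interfaces, pool, extension_ip, hosts=None):
    """Return conflict messages for an SSL VPN address plan (empty list = clean).

    interfaces:   {name: "address/prefix"} for every firewall interface
    pool:         (first, last) of the SSL VPN assigned IP pool
    extension_ip: the Network Extension Local IP
    hosts:        {name: ip} of servers whose address must stay unique (e.g. DNS)
    """
    problems = []
    blocks = pool_networks(*pool)
    ext = ipaddress.ip_address(extension_ip)
    for name, cidr in interfaces.items():
        subnet = ipaddress.ip_network(cidr, strict=False)  # accept host-form input
        if any(b.overlaps(subnet) for b in blocks):
            problems.append(f"pool {pool[0]}-{pool[1]} overlaps {name} {subnet}")
        if ext in subnet:
            problems.append(f"extension IP {ext} is inside {name} {subnet}")
    for name, addr in (hosts or {}).items():
        if ipaddress.ip_address(addr) == ext:
            problems.append(f"extension IP {ext} collides with {name}")
    return problems

# Constructed sample plans modelled on the addresses quoted in the thread.
FIRST_POST = dict(interfaces={"lan1": "192.168.11.1/24"},
                  pool=("192.168.11.10", "192.168.11.254"),
                  extension_ip="192.168.200.1")
SECOND_CASE = dict(interfaces={"lan1": "10.10.1.1/24"},
                   pool=("192.168.201.100", "192.168.201.150"),
                   extension_ip="192.168.200.1",
                   hosts={"dns": "192.168.200.1"})

if __name__ == "__main__":
    for label, plan in (("first post", FIRST_POST), ("second case", SECOND_CASE)):
        for line in check_ssl_vpn_plan(**plan) or ["no conflicts"]:
            print(f"{label}: {line}")
```
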