ATP100 + SecuExtender 4.0.5.0

MatteoEuro
MatteoEuro Posts: 12  Freshman Member
First Comment

Greetings,
I configured the VPN following this guide:
https://mysupport.zyxel.com/hc/en-us/articles/360005933219--ZyWALL-USG-How-to-configure-an-SSL-VPN-rule-for-full-tunnel-mode

When I try to connect via SecuExtender, however, it immediately disconnects... The log tells me this.


[ 2024/10/24 11:40:25 ][SecuExtender Helper] Request(104): REMOVE 1326098624/742988375 25 4294967295 4294967295
[ 2024/10/24 11:40:25 ][SecuExtender Helper] Remove Routing
[ 2024/10/24 11:40:25 ][SecuExtender Helper] Remove prioritize routing
[ 2024/10/24 11:40:26 ][SecuExtender Helper] Get netsh path = powershell
[ 2024/10/24 11:40:26 ][SecuExtender Helper] ia is null
[ 2024/10/24 11:40:26 ][SecuExtender Helper] Failed to read from client(2): 109, 0
[ 2024/10/24 11:40:26 ][SecuExtender Helper] Start to Disconnect pipe...
[ 2024/10/24 11:40:26 ][SecuExtender Helper] Shutting down a pipe connection instance...
[ 2024/10/24 11:40:26 ][SecuExtender Helper] ==============================

I can't figure out what the problem could be. I tried from 2 different PCs and the situation is the same.
Can you help me?
Thank you

Accepted Solution

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,575  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
    Answer ✓

    Hi @MatteoEuro,

    After checking your configuration, because the WAN interface is in DHCP client mode, it seems your firewall is behind NAT. Therefore, you should create a port forwarding rule, port 443 for TCP & UDP, on the uplink device of your ATP100.

    In addition, your SSL VPN subnet overlaps with your LAN 1 subnet. Kindly remember to change your SSL VPN subnet to another subnet to avoid IP overlapping.

    Zyxel Melen


All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,575  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @MatteoEuro,

    May I know if you have changed your HTTPS port number from 443 to another port number? If yes, please ensure you have allowed the new port number to access ZyWall.

    If you didn't change the HTTPS port number, please share your configuration file with me to check. Thanks.

    Zyxel Melen


  • MatteoEuro
    MatteoEuro Posts: 12  Freshman Member
    First Comment

    Good morning,
    https port is 443 by default. Can you tell me how to extract the configuration file to send to you?
    Thank you

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,575  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @MatteoEuro,

    Please navigate to Menu > Maintenance > File Manager > Configuration File > Configuration to download the Startup-config.conf file. And share the file with me via private message.

    Zyxel Melen


  • MatteoEuro
    MatteoEuro Posts: 12  Freshman Member
    First Comment

    Perfect, I sent you the file as requested. Thank you

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,575  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
    Answer ✓

    Hi @MatteoEuro,

    After checking your configuration, because the WAN interface is in DHCP client mode, it seems your firewall is behind NAT. Therefore, you should create a port forwarding rule, port 443 for TCP & UDP, on the uplink device of your ATP100.

    In addition, your SSL VPN subnet overlaps with your LAN 1 subnet. Kindly remember to change your SSL VPN subnet to another subnet to avoid IP overlapping.

    Zyxel Melen


  • MatteoEuro
    MatteoEuro Posts: 12  Freshman Member
    First Comment

    Good morning, thanks for the support. Upstream of the firewall there is only the router.... Should I therefore create a rule to forward the 443 to the router's IP?
    Thank you

  • Zyxel_Melen
    Zyxel_Melen Posts: 2,575  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @MatteoEuro,

    Yes, please create a port forwarding rule on your router. The destination IP will be the firewall's WAN IP.

    Zyxel Melen


  • MatteoEuro
    MatteoEuro Posts: 12  Freshman Member
    First Comment

    Good morning, I tried but it doesn't work or I did something wrong. I sent you a PM

Security Highlight