ATP100 + SecuExtender 4.0.5.0
Freshman Member
Greetings,
I configured the VPN following this guide:
https://mysupport.zyxel.com/hc/en-us/articles/360005933219--ZyWALL-USG-How-to-configure-an-SSL-VPN-rule-for-full-tunnel-mode
When I try to connect via SecuExtender, however, it immediately disconnects... The log tells me this.
[ 2024/10/24 11:40:25 ][SecuExtender Helper] Request(104): REMOVE 1326098624/742988375 25 4294967295 4294967295
[ 2024/10/24 11:40:25 ][SecuExtender Helper] Remove Routing
[ 2024/10/24 11:40:25 ][SecuExtender Helper] Remove prioritize routing
[ 2024/10/24 11:40:26 ][SecuExtender Helper] Get netsh path = powershell
[ 2024/10/24 11:40:26 ][SecuExtender Helper] ia is null
[ 2024/10/24 11:40:26 ][SecuExtender Helper] Failed to read from client(2): 109, 0
[ 2024/10/24 11:40:26 ][SecuExtender Helper] Start to Disconnect pipe...
[ 2024/10/24 11:40:26 ][SecuExtender Helper] Shutting down a pipe connection instance...
[ 2024/10/24 11:40:26 ][SecuExtender Helper] ==============================
I can't figure out what the problem could be. I tried from 2 different PCs and the situation is the same.
Can you help me?
Thank you
All Replies
-
Hi @MatteoEuro,
May I know if you have changed your HTTPS port number from 443 to another port number? If yes, please ensure you have allowed the new port number to access ZyWall.
If you didn't change the HTTPS port number, please share your configuration file with me to check. Thanks.
0 -
Good morning,
https port is 443 by default. Can you tell me how to extract the configuration file to send to you?
Thank you0 -
Hi @MatteoEuro,
Please navigate to Menu > Maintenance > File Manager > Configuration File > Configuration to download the Startup-config.conf file. And share the file with me via private message.
0 -
Perfect, I sent you the file as requested. Thank you
0 -
Hi @MatteoEuro,
After checking your configuration, because the WAN interface is in DHCP client mode, it seems your firewall is behind NAT. Therefore, you should create a port forwarding rule, port 443 for TCP & UDP, on the uplink device of your ATP100.
In addition, your SSL VPN subnet overlaps with your LAN 1 subnet. Kindly remember to change your SSL VPN subnet to another subnet to avoid IP overlapping.
0 -
Good morning, thanks for the support. Upstream of the firewall there is only the router.... Should I therefore create a rule to forward the 443 to the router's IP?
Thank you0 -
Hi @MatteoEuro,
Yes, please create a port forwarding rule on your router. The destination IP will be the firewall's WAN IP.
0 -
Good morning, I tried but it doesn't work or I did something wrong. I sent you a PM
0
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 144 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.6K Security
- 237 USG FLEX H Series
- 267 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.3K Consumer Product
- 247 Service & License
- 384 News and Release
- 83 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
