Flex 100H VPN SecuExtender clients connects fine; NO ACCESS to remote network devices

Joe265 Posts: 3 Freshman Member

All Replies

  • Joe265
    Joe265 Posts: 3 Freshman Member

    This was all working fine until the latest firmware update, v1.36.

  • PeterUK
    PeterUK Posts: 4,228 Guru Member
    edited October 23

    Took me some time to work this out, and the fix is there needs to be a routeing rule next hop to remote VPN.

    The problem is this: if you have a routing like
    incoming LAN
    next hop WAN
    SNAT outgoing-interface

    When VPN traffic goes to LAN it gets to the device, then a reply happens, but the traffic to the VPN IP follows the routeing rule above and so never gets back to the client.

    There is no routing rule you can make to fix this, but there is a workaround:
    make two address objects with the following ranges, if your VPN IP pool is 192.168.50.0/24:
    0.0.0.0 - 192.168.49.255
    192.168.51.0 - 255.255.255.55
    in a group.
    Then add that to the above routeing rule for Destination Address.
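
The workaround in the reply above restricts the LAN-to-WAN rule to every destination outside the VPN pool. As an added example (not part of the original post and not Zyxel tooling), this Python code computes those address-object ranges and checks whether a destination would still match the rule; it also accepts several pools, which goes beyond the single-pool case in the post. The function names are hypothetical.

```python
import ipaddress

IPV4_LAST = 2**32 - 1  # 255.255.255.255 as an integer


def complement_ranges(pools):
    """Inclusive (start, end) IPv4 ranges covering every address outside `pools`.

    `pools` is a list of CIDR strings (the VPN client pools). Hypothetical helper.
    """
    nets = sorted((ipaddress.IPv4Network(p) for p in pools),
                  key=lambda n: int(n.network_address))
    ranges, cursor = [], 0
    for net in nets:
        first, last = int(net.network_address), int(net.broadcast_address)
        if first > cursor:                 # gap before this pool
            ranges.append((cursor, first - 1))
        cursor = max(cursor, last + 1)     # skip the pool, tolerate overlaps
    if cursor <= IPV4_LAST:                # tail after the last pool
        ranges.append((cursor, IPV4_LAST))
    return [(str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(b)))
            for a, b in ranges]


def rule_matches(destination, ranges):
    """True if `destination` falls in one of the rule's destination ranges."""
    d = ipaddress.IPv4Address(destination)
    return any(ipaddress.IPv4Address(a) <= d <= ipaddress.IPv4Address(b)
               for a, b in ranges)


if __name__ == "__main__":
    # Pool taken from the post; destinations below are constructed samples.
    ranges = complement_ranges(["192.168.50.0/24"])
    for start, end in ranges:
        print(f"address object: {start} - {end}")
    for dst in ("8.8.8.8", "192.168.50.10"):
        verdict = "matches LAN->WAN rule" if rule_matches(dst, ranges) else "not matched by the rule"
        print(f"{dst}: {verdict}")
```

Running it for a pool before applying the change confirms that no VPN client address still matches the SNAT rule.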

  • Zyxel_Melen
    Zyxel_Melen Posts: 4,134 Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Administrator - Switch Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi @Joe265

    Have you tried the method that @PeterUK provided? If yes, but the issue remains, please share your USG FLEX 100H's configuration with us so we can help check this issue.

    Zyxel Melen