SSL VPN I can't ping client on LAN network

Options
Olidalmine
Olidalmine Posts: 3 image  Freshman Member
First Comment
in USG FLEX H Series

I configured an SSL VPN with a standard IP pool: 192.168.51.0/24.

I use OpenVPN as my client to connect, and the connection is established correctly.


However, if I try to ping a client on the network, for example, 192.168.168.10, I get no response.


However, if I ping the IP 192.168.168.1, it responds correctly.


I can't figure out what else I should configure besides enabling SSL VPN and the VPN to LAN policy.

Thanks for your help.

All Replies

  • PeterUK
    PeterUK Posts: 4,411 image  Guru Member
    250 Answers 2500 Comments Friend Collector Eighth Anniversary
    edited February 12

    First can you test that you can ping 192.168.168.10 from another device if so then this might be what you need to do.

    Flex 100H VPN SecuExtender clients connects fine; NO ACCESS to remote network devices — Zyxel Community

    If your VPN is IP pool is 192.168.51.0/24

    0.0.0.0 - 192.168.50.255

    192.168.52.0 – 255.255.255.55

  • Zyxel_Tina
    Zyxel_Tina Posts: 642 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 100 Answers 500 Comments

    Hi @Olidalmine,

    Welcome to the Zyxel Community!

    Since the SSL VPN connection is established and you can ping the firewall interface, the VPN itself looks to be working correctly.

    To narrow down the issue, please first test whether the client (192.168.168.10) is reachable from another device in the same LAN subnet.

    • If it is not reachable, please check the firewall on that client to ensure ICMP is allowed.
    • If it is reachable from the same subnet, then as PeterUK suggested, please try pinging that client from a different subnet to verify whether the issue is related to routing or security policy handling between networks.

    Zyxel Tina

  • Olidalmine
    Olidalmine Posts: 3 image  Freshman Member
    First Comment

    Thanks for the replies.

    Ping within the network is working properly.

    I don't have any other subnets to test, only the basic network 192.168.168.1, which generates the firewall by default.


    I have a Zyxel USG FLEX 50H, and this is the first time I'm configuring SSL_VPN.

    I only enabled SSL_VPN as per Zyxel's instructions and set the SSL_VPN service (10443) to Default_Allow_LAN_To_ZyWALL.

    I apologize, but I'm not sure where I should enter the settings you indicated: Policy Route, Static Route, or Policy Control.

  • PeterUK
    PeterUK Posts: 4,411 image  Guru Member
    250 Answers 2500 Comments Friend Collector Eighth Anniversary

    Its Policy Route, have you made any rules in Policy Route?

  • Zyxel_Tina
    Zyxel_Tina Posts: 642 image  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 100 Answers 500 Comments

    Hi @Olidalmine,

    Thanks for your feedback!

    As PeterUK mentioned, do you have any manually created policy route rules? If possible, please enable Zyxel Support Access so we can review your device directly.

    Zyxel Tina

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)