SSL VPN from external mobile office with a local printer

dario_c
dario_c Posts: 2
Friend Collector First Comment
edited April 2021 in Security

Hi all. One of our customer owns a Zywall USG40 and wants to create a VPN tunnel for their external technicians toward the company lan, so the tecnicians can access the ERP software for the daily work.

Every technician drives a van where there are a mobile LTE router, a notebook and a printer. Both the notebook and the printer work through the wireless lan generated by the mobile LTE router.

Both the company LAN and the technician's wifi LAN use the same IP address class (192.168.1.0) and then same gateway (Zywall IP is 192.168.1.1, mobile LTE router IP is 192.168.1.1)

We completed the configuration of the SSL VPN on the USG40 and the Zyxel Secuextender software on thecnician's notebook.

Everything works fine except for the printer: when the VPN is connected, the printer goes offline on the notebook.

Is there a way to let the technician's notebook to use the local wifi printer while it's connected through the VPN? Or it will be necessary to change the IP classes? Or something else?

Thanks in advance

Comments

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @dario_c ,

    Welcome to Zyxel Community. 

    It need to change technician's WiFi LAN to avoid subnet overlap.

    For USG-40, add 192.168.1.1/24 subnet into Network list and untick “Force all client traffic to enter SSL VPN tunnel”.

    Please have a try. 😀

     

    Go to “CONFIGURATION > VPN > SSL VPN > Access Privilege”, edit your VPN profile.


  • dario_c
    dario_c Posts: 2
    Friend Collector First Comment
    edited July 2019

    Hi @Zyxel_Cooldia , thank you for yor answer.

    The USG-40 has the “Force all client traffic to enter SSL VPN tunnel” option unticked and the lan1 subnet automatically sets to 192.168.1.0/24 because it's the lan1 interface subnet. Nonetheless, the VPN behaviour is the one I described on the first post :(

    The only difference I can see compared to your screenshot is the SSL VPN "Assign IP Pool": I have a RANGE while you have a SUBNET. Could it be relevant for the problem?

    Below you can see the screenshot:


  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @DarioGiacu

    It is not related to the problem.

    Is the LTE router Lan subnet still same as remote USG Lan subnet 192.168.1.0/24?

    You can change the LTE lan subnet or USG lan subnet and try it again.

Security Highlight