Stephen  Freshman Member

Thanks - that makes sense. I'll focus in on solution 1 & 2.

Yep - it's good to go now. Thanks!

I have it working now, but I had to turn something off in order to make it work. I had a routing rule that address translation set to a specific IP. I have five public IPs coming in. Turning that off seems to have fixed things. That being said, now traffic from my email server is going out over the wrong IP. Example…

I lose all access to the internet when doing that. Not only can I not ping the device, I can no longer get any internet access.

Okay - did all that. That comes back with: Warning message:<br>CLI Number: 3<br>Warning Number: 28005<br>Warning Message: 'Invalid gateway from Next-Hop interface. Policy route will not work.'

Does not appear that way. It was not, but I changed it to overlap with a subnet I know works and that did not fix anything. I added the DNS record, also with no success. Just attempting a simple ping test - while sitting on the network (i.e. 192.168.1.33) attempting to ping the server (which I forgot to mention is on the…

Yes - a packet capture off the USG shows TCP SYN to the server and server sending SYN ACK back to the user/device.

Under the first DNS option, in the GUI, it's set to ZyWALL. I'm not sure why it's showing up as 0.0.0.0. I've tried having 8.8.8.8 in there as well, but no success changing the DNS around. No, I'm not seeing any blocks. I'm seeing it all forwarded. I can see the computer hitting the email server as well. If I'm local on…

@Zyxel_Cooldia -- sorry for the delay. <p>index: 1</p> <p> active: yes</p> <p> name: Stephen_SSL</p> <p> description: SSL VPN for Stephen</p> <p> user: stephen</p> <p> ssl application: </p> <p> network extension: yes</p> <p> traffic enforcement: yes</p> <p> netbios broadcast: no</p> <p> ip pool: SSL_VPN_USERS</p> <p> dns…

In the above example, the SSL addresses are being given a 192.168.2.X address upon connection.

@PeterUK - NAT loopback is set up. Yes, it's essentially a 192.168.1.10 like address. It's set up as a 1:! NAT. I see the traffic hitting the email server, but nothing seems to be transiting back. 

@PeterUK - yep. Unchecking "Force all client traffic to enter SSL VPN tunnel" does seem to fix that. That being said...is there a way to have both? @Zyxel_Cooldia -- do you want that run from the Console? I've had trouble getting that to run, so I'll need to get that fixed.