ZyWall USG 100 PLUS - SecuExtender Connection is disconnected when the second user tries to connect

kernel24
kernel24 Posts: 15  Freshman Member
First Anniversary First Comment
edited April 2021 in Security

Hi everyone,


I have a Zywall USG 100 PLUS, I configured the SSL VPN.


I created the users.


I installed SecuExtender and it works!


But if a user is connected with SSL VPN ... and the second user tries to connect, this error appears:

SecuExtender Connection is disconnected


If I disconnect user 1 and I connect user 2, user 2 connects perfectly.


I didn't understand if this product supports the SSL VPN connection of one user at a time, or there is something wrong with the configuration.


I thank you all in advance.

All Replies

  • PeterUK
    PeterUK Posts: 2,651  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer

    The Included SSL VPN users is two going by this datasheet.

    ftp://ftp2.zyxel.com/USG100-PLUS/datasheet/USG100-PLUS_8.pdf

    Can you make a group for the VPN users and then add that group in SSL VPN setups.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @kernel24

    It have 2 tunnels available by default. 

    You can confirm that SSL VPN “Assign IP Pool” settings first, the address object supposed to be a IP range or subnet.

    If you assign only one IP address, only the first user can connect to device, the 2nd user cannot establish the SSL VPN tunnel because no available IP can be assigned.


    Go to “CONFIGURATION > VPN > SSL VPN > Access Privilege”, click “edit”.

    Create a new address object

    Type : Subnet


    Make sure Assign IP pool is a range or subnet.


  • kernel24
    kernel24 Posts: 15  Freshman Member
    First Anniversary First Comment

    Good morning,


    I tried them all.


    Always connect one user at a time.


    Do you have any other advice?

  • kernel24
    kernel24 Posts: 15  Freshman Member
    First Anniversary First Comment
    edited July 2019

    Hi everyone,


    I have solved.


    The problem is that a user did not click on the secuextender "disconnect" button when he finished working. (even if he turned off the computer, he was still logged in to the firewall)


    he was always logged in as a vpn ssl user. (see attached photo).



    So I disconnected him from the firewall brutally.


    thanks for your help.

  • PeterUK
    PeterUK Posts: 2,651  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited July 2019

    To stop that from happening you can under object > user/group for the given user name to set lease time to 2 minutes.

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,426  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @kernel24

    Good to hear that you have solved it. 😃

    You can follow PeterUK’s suggestion to set the lease time, it can force kick out the user when the lease time is timeout.

Security Highlight