dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
727
share rss forum feed

bverdon

join:2012-11-26
Canton, GA

Several USG20W issues....anyone care to chime in?

So I have a small office network with the following:

3 wireless interfaces, custom zones
1 NAS connected to DMZ LAN interface
1 VOIP (ooma) system connected to custom zone
1 IPSec site to site VPN with multiple SA's (working fine)
DDNS working fine
SSL VPN working fine

Multiple FW rules working fine including 1 to 1 NAT and SNAT

seems I have run into a few very frustrating bugs.

The least frustrating issue is the DNS forwarder one. It just doesn't work but my workaround is to assign my corporate DNS entries via DHCP and the workaround works fine. Still would like to know if this is working for ANYONE for a site to site VPN connection/DNS servers?

The most frustrating issue...and a strange one. Everything works fine for several hours and then all of a sudden, the wireless connected clients can no longer route to the Internet. The one wireless client that has access to the VPN can hit networks via the tunnel but not the Internet.

I have to either bounce the wireless interfaces or reboot the box to regain connectivity. It normally can take anywhere from 2 to 4 hours to occur.

It appears that this happens if I leave a management session to the GUI open...things just get real unstable but only for the wireless networks accessing the internet. I can reproduce this over and over. It seems to work fine when I log out completely and close the browser so I think it is tied to the management GUI session. It has happened using IE 8 and Firefox 17.

Anyone else ever heard of such issues?

Thanks for looking.


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
Not sure about the wireless (I don't have 20W to test) but I've experienced the DNS and some IPSec issues too. The recent beta FW seems to be fixing that (check your PM).

bverdon

join:2012-11-26
Canton, GA
Thanks. I will give that a shot tonight. At the moment, VPN's seem to very stable. Any idea if there is some sort of list of what this code addresses?

bverdon

join:2012-11-26
Canton, GA
reply to Brano
Well...looks like I was already running that flavor of code. I had emailed tech support and that is what they provide. Unfortunately, I had to reboot the box.

I hope they can help...would hate to toss the box and go to another vendor.

Thanks for you help. let m know if you have any other suggestions

bverdon

join:2012-11-26
Canton, GA
reply to Brano
Well....decided to compare my current config to the start-up config line by line to figure out what the heck is going on with this guy.

given my symptoms...I keep going back to the WLAN not routing traffic properly......and noticed this:

interface wlan-1-2
description wan2
ssid mancave
station-limit 255
security mode wpa2
reauth 1800
idle 3000
group-key 1800
upstream 1048576
downstream 1048576
mtu 1500
ip address 192.168.81.1 255.255.255.0
ip rip send version 2
ip rip receive version 2
ip ospf priority 1
ip ospf cost 10

I removed all the RIP and OSPF garbage from the interfaces, saved the config...rebooted and confirmed they are no longer there.

crossing my fingers.....will let you know.

bverdon

join:2012-11-26
Canton, GA
That wasn't it. Just to get stability I had to St things bat to factory defaults and start all over. I will be saving findings offten changing things press frequently just to figure out what is going on with this thing


dnoyeB
Ferrous Phallus

join:2000-10-09
Southfield, MI
kudos:1
reply to bverdon
I gave up on Zyxel wifi many years back. I have a USG20 though and it works fine. I have not enough experience with VPN to know about your internet issue.

bverdon

join:2012-11-26
Canton, GA
Well....I have gotten things stable now but it took some work.

Most seems to be related to the SA's for the VPN and the policy based routing...and maybe the RIP and OSPF (disabled those just in case).

Now have a stable config...and I adding some things in...but backing up frequently as I keep breaking things when I change something so having the backups on the box is handy.

I shouldn't be having these issues...and at this point I feel like I know the product better then the folks I talk to when I call in for support. I got the DNS forwarding thing working and figured out why it wasn't working. Support was trying to tell me that DNS forwarding does something completely different than what I was trying to do, yet the help file explained stated it what the feature was for. As it turned out, the client needs to point to the Zyxel itself for DNS vs. other DNS servers....which makes sense...but isn't documented anywhere. I figured it out before support could so I take it that most people don't use most of the features that I am using.

It is a full featured product but not supported well. I can't get them to tell me why the content filter reporting at their site isn't seeing data...stuff like that.