Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

SSL VPN

My favorite VPN solution for remote client access is SSL VPN technology, which is also supported by the ZyXEL USG100. SSL VPN technology works using a browser instead of a client, tends to work better from more remote networks and is generally easier to configure.

I found SSL VPN connections on the USG100 to be easy to set up as well as incredibly flexible in terms of network access. On the USG100, all I had to do was create a user name and password, then enable and configure Access Privileges for SSL Clients.

SSL VPN Setup
Click to enlarge image

Figure 14: SSL VPN Setup

Part of the Access Privilege configuration is shown in Figure 14 above. Notice in the bottom right a window labeled Member. Here I am telling the USG100 that SSL Clients have access to the Address Objects named DFLLAN, DMZ_Subnet, and LAN2_SUBNET. This means the USG100 will set up a remote connection to each of these subnets behind the USG100.

Once configured and enabled, I was able to use an XP Pro based laptop and remotely connect to devices in each of these three different subnets. I later modified the USG100 to allow access via the SSL Client to devices on the other end of the Site-Site VPN.

Figure 15 below, produced using the DOS command netstat -r, shows the routing table on my laptop while running the SSL Client. Notice the Network Destinations on the left equal to 192.168.3.0, 192.168.10.0, and 192.168.13.0. These subnets are the Address Objects LAN2_SUBNET, DFLLAN, and DMZ_Subnet. This output shows that my laptop has installed routes via the SSL VPN to access each of these networks.

netstat of SSL connection

Figure 15: netstat of SSL connection

One of the values of SSL VPNs is there is no configuration required by the remote PC user, since the connection is established using a browser that automatically downloads an SSL connection applet. The applets, however, still must be compatible with various browsers. I was able to connect to the USG100 via an SSL VPN using both IE7 and Firefox 3.01, but not Safari.

SSL applets must also be compatible with the client computer's operating system. Unfortunately, the USG100's SSL VPN applet only works on XP and only supports two licenses.(The latter is a product policy, not a technology limitation.) In a conference call with ZyXEL, I was informed that Vista support for SSL connections will be out in 2009 and that additional licenses can be purchased (upgrade from 2 to 5 licenses is $95).

Other Features

A couple other aspects of the USG100 I found interesting are the File Management system and the option to run the USG100 in High Availability (HA) configuration. With its File Management System, the USG100 can store and run multiple files on its 256MB of flash storage, including configuration files, firmware, and shell scripts.

With the plethora of configurable options, an administrator may want to try one configuration, save it, try another, and then return to the previous. Configuration files are stored with a .conf extension, and are readable in any text editor. Restoring any of those files is a matter of uploading it to the USG, highlighting the file, and clicking run. I found this a convenient way to return the device to its default settings, although reboot times were pretty slow, consistently requiring nearly 4 minutes to fully restore.

In the small network market, it is unusual to see High Availability functionality, which is the ability to run a pair of devices with one active and the other in a passive or standby mode. Two USG100s running the same firmware and subscription levels can be installed together, providing not only redundancy via Dual WAN ports if deployed, but in physical hardware as well!

One last important feature is the USG100's bandwidth controls. You can set egress (outbound) bandwidth limitations on all ports and between interfaces. Ingress controls are also provided, but the documentation says that they are for "future use".

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

I have an RT-86U and because of various reasons ended up starting to use Merlin on it. Works ok'ish but lately I haven't been able to add anymore DHCP...
I've recently gotten a Asus 88u(3rd party routers) and tried testing it out with my ISP(singtel) provided modem/router combo (aka ONR) and a pair of u...
had a share problem but figured it out. all better now.wish there was a way to delete this post
Before anyone says "what could you need 10GbE for anyway", I will say that I do not need 10GbE, but I do need more than 1GbE. So, I am looking for opt...
I’m not sure if this is the correct forum so, mods, please move if needed. My situation is that we about to get the NBN FTTN / VDSL2+ via iiNet and I’...

Don't Miss These

  • 1
  • 2
  • 3