01-10-2011 02:02 AM
We have a problem to connect a client with Mac OSX v.10.6.6 with netconnect: Error message: Unable to receive vpn status from service.
In the FW we can see that vpn client configuration is generated successfully: slvpn-config-succ SSL VPN client configuration generated. User name: test, Private IP: 172.20.60.6, Client version 1.2.0-402, Client OS: Mac OSX (Version 10.6.6).
Does ssl-vpn client 1.2.0 have any problem with client Mac OSX v.10.6.6?
01-10-2011 07:42 PM
Hi,
There are no known issues with Mac OSX version 10.6.6, please confirm this device is not running any additional antivirus or firwall settings as this has been the most common cause of ssl connectivity issues.
Regards,
Gary S.
01-11-2011 05:12 AM
Hi,
Could you please confirm that popup blocker is disabled along with cookies allowed in Safari?
Thanks,
Renato
01-24-2011 09:07 AM
I am receiving the same symptom as well with mac os x 10.6.6 - firewall is set to disable, no antivirus
popup blocker not enabled.
01-24-2011 10:20 AM
Hi Arrowsight,
I would suggest calling Support and opening up a case. We'll possibly need to investigate further.
Regards,
Renato
01-25-2011 12:22 AM
Hi, finally I opened a support ticket and PA support solved me this issue.
My problem was that I needed a new rule that allow traffic UDP 4501 with source zone untrust to my public IP with vpn services. This port is used to establish IPSec connection in Mac OS X 10.6.6.
With windows clients this port is not necessary and vpn works successfully.
I hope it help you.
01-25-2011 08:48 AM
Yes, that is correct. After I posted the question, I found that one of the application on the firewall was blocked. I was surprise MAC uses IPSEC instead of SSL.
02-17-2011 08:00 AM
thanks for posting the results -- the inbound UDP/4501 was the solution.
It's interesting to note this UDP/4501 conversation is required from netconnect 1.2 on OS_X (10.6.6).
Once NetConnect connection establlished, the subsequent traffic logged as SSL. (assumign this is IPsec encapsulated inside SSL ).
Note that VPN User session information (/network tab/ssl-vpn/more users info) lists connection as IPsec.
UDP/4501 part of some RFC for IPSEC and NAT-transversal.
02-17-2011 08:21 AM
So the question is, why would some vpn user post as IPSEC and some as SSL on the Network Tab -> SSL VPN information? Shouldnt the table be more consistent in outputing the information if IPSEC is encapsulated within the SSL. I've noticed once we open the floodgate of IPSEC for vpn users, it seems that IPSEC is now showing up more on SSL VPN information than before.
Thanks.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
