SSL-VPN: Unable to receive vpn status from service

L0 Member


We have a problem connecting a client running Mac OSX v.10.6.6 with NetConnect. Error message: Unable to receive vpn status from service.

In the FW we can see that vpn client configuration is generated successfully: slvpn-config-succ  SSL VPN client configuration generated. User name: test, Private IP: 172.20.60.6, Client version 1.2.0-402, Client OS: Mac OSX (Version 10.6.6).

Does ssl-vpn client 1.2.0 have any problem with client Mac OSX v.10.6.6?

L3 Networker

Hi,

There are no known issues with Mac OSX version 10.6.6. Please confirm this device is not running any additional antivirus or firewall settings, as this has been the most common cause of SSL connectivity issues.

Regards,

Gary S.

L6 Presenter

Hi,

Could you please confirm that popup blocker is disabled along with cookies allowed in Safari?

Thanks,

Renato    

Not applicable

I am receiving the same symptom as well with Mac OS X 10.6.6 - firewall is set to disabled, no antivirus, popup blocker not enabled.

L6 Presenter

Hi Arrowsight,

I would suggest calling Support and opening up a case. We'll possibly need to investigate further.

Regards,

Renato

L0 Member

Hi, I finally opened a support ticket and PA support solved this issue for me.

My problem was that I needed a new rule that allows UDP 4501 traffic from source zone untrust to my public IP with VPN services. This port is used to establish the IPSec connection in Mac OS X 10.6.6.

With Windows clients this port is not necessary and the VPN works successfully.

I hope it helps you.

Not applicable

Yes, that is correct. After I posted the question, I found that one of the applications on the firewall was blocked. I was surprised Mac uses IPSEC instead of SSL.

L2 Linker

Thanks for posting the results -- the inbound UDP/4501 was the solution.

It's interesting to note this UDP/4501 conversation is required from NetConnect 1.2 on OS X (10.6.6).

Once the NetConnect connection is established, the subsequent traffic is logged as SSL (assuming this is IPsec encapsulated inside SSL).

Note that the VPN user session information (/network tab/ssl-vpn/more users info) lists the connection as IPsec.

UDP/4501 is part of some RFC for IPSEC and NAT traversal.

Not applicable

So the question is, why would some VPN users post as IPSEC and some as SSL on the Network Tab -> SSL VPN information? Shouldn't the table be more consistent in outputting the information if IPSEC is encapsulated within the SSL? I've noticed once we open the floodgate of IPSEC for VPN users, it seems that IPSEC is now showing up more on SSL VPN information than before.

Thanks.
