SSL-VPN: Unable to receive vpn status from service


L0 Member

We have a problem connecting a client running Mac OSX v.10.6.6 with NetConnect. Error message: Unable to receive vpn status from service.

In the FW we can see that vpn client configuration is generated successfully: slvpn-config-succ  SSL VPN client configuration generated. User name: test, Private IP: 172.20.60.6, Client version 1.2.0-402, Client OS: Mac OSX (Version 10.6.6).

Does ssl-vpn client 1.2.0 have any problem with client Mac OSX v.10.6.6?

8 REPLIES

L3 Networker

Hi,

There are no known issues with Mac OSX version 10.6.6. Please confirm this device is not running any additional antivirus or firewall settings, as this has been the most common cause of SSL connectivity issues.

Regards,

Gary S.

Hi,

Could you please confirm that popup blocker is disabled along with cookies allowed in Safari?

Thanks,

Renato    

I am receiving the same symptom as well with Mac OS X 10.6.6 - firewall is set to disabled, no antivirus.

Popup blocker not enabled.

Hi Arrowsight,

I would suggest calling Support and opening up a case. We'll possibly need to investigate further.

Regards,

Renato

Hi, finally I opened a support ticket and PA support solved this issue for me.

My problem was that I needed a new rule that allows UDP 4501 traffic from source zone untrust to my public IP with VPN services. This port is used to establish the IPSec connection in Mac OS X 10.6.6.

With Windows clients this port is not necessary and the VPN works successfully.

I hope it helps you.

Yes, that is correct. After I posted the question, I found that one of the applications on the firewall was blocked. I was surprised Mac uses IPSEC instead of SSL.

Thanks for posting the results -- the inbound UDP/4501 was the solution.

It's interesting to note this UDP/4501 conversation is required from NetConnect 1.2 on OS X (10.6.6).

Once the NetConnect connection is established, the subsequent traffic is logged as SSL (assuming this is IPsec encapsulated inside SSL).

Note that VPN User session information (/network tab/ssl-vpn/more users info) lists the connection as IPsec.

UDP/4501 is part of some RFC for IPSEC and NAT-traversal.

So the question is, why would some VPN users post as IPSEC and some as SSL on the Network Tab -> SSL VPN information? Shouldn't the table be more consistent in outputting the information if IPSEC is encapsulated within the SSL? I've noticed once we open the floodgate of IPSEC for VPN users, it seems that IPSEC is now showing up more on SSL VPN information than before.

Thanks.
