We have a problem to connect a client with Mac OSX v.10.6.6 with netconnect: Error message: Unable to receive vpn status from service.
In the FW we can see that vpn client configuration is generated successfully: slvpn-config-succ SSL VPN client configuration generated. User name: test, Private IP: 172.20.60.6, Client version 1.2.0-402, Client OS: Mac OSX (Version 10.6.6).
Does ssl-vpn client 1.2.0 have any problem with client Mac OSX v.10.6.6?
Hi, finally I opened a support ticket and PA support solved me this issue.
My problem was that I needed a new rule that allow traffic UDP 4501 with source zone untrust to my public IP with vpn services. This port is used to establish IPSec connection in Mac OS X 10.6.6.
With windows clients this port is not necessary and vpn works successfully.
I hope it help you.
thanks for posting the results -- the inbound UDP/4501 was the solution.
It's interesting to note this UDP/4501 conversation is required from netconnect 1.2 on OS_X (10.6.6).
Once NetConnect connection establlished, the subsequent traffic logged as SSL. (assumign this is IPsec encapsulated inside SSL ).
Note that VPN User session information (/network tab/ssl-vpn/more users info) lists connection as IPsec.
UDP/4501 part of some RFC for IPSEC and NAT-transversal.
So the question is, why would some vpn user post as IPSEC and some as SSL on the Network Tab -> SSL VPN information? Shouldnt the table be more consistent in outputing the information if IPSEC is encapsulated within the SSL. I've noticed once we open the floodgate of IPSEC for vpn users, it seems that IPSEC is now showing up more on SSL VPN information than before.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!