SSL VPN-Plus MAC client connects but no traffic is passing through

Article ID: 303281

Products

VMware NSX for vSphere

Issue/Introduction

  • The SSL VPN client connects, but traffic does not reach the private network.
  • On the client, tcpdump -i en1 -n host <sslvpn serverip> shows network traffic for the destination.
  • On the Edge gateway, output similar to the following is seen. The na0 interface has no inet (IPv4) address:
Edge01-0> show interface na0
Interface na0 is up, line protocol is up
index 14 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
inet6 fe80::34a1:####:####:####/64
inet <ipv4 ip> <-- is missing
proxy_arp: disabled
Full-duplex, 10Mb/s
input packets 0, bytes 0, dropped 0, multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 4, bytes 520, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0




Environment

VMware NSX for vSphere 6.3.x
VMware NSX for vSphere 6.4.x

Resolution

To resolve the issue:

  1. In vCenter, go to Network and Security -> NSX Edges -> <edge> -> Manage -> SSL VPN-Plus -> IP Pool.
  2. Remove the IP pool and recreate it.
  3. Once the new configuration is published, the na0 interface contains the IPv4 gateway address from the IP pool:
Edge01-0> show interface na0
Interface na0 is up, line protocol is up
index 14 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
inet6 fe80::34a1:####:####:####/64
inet 192.#.#.#/24 <-- Previously was missing
proxy_arp: disabled
Full-duplex, 10Mb/s
input packets 0, bytes 0, dropped 0, multicast packets 0
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0, missed 0
output packets 4, bytes 520, dropped 0
output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0
collisions 0
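
A check for the symptom described above, as an added example (not VMware's code and not part of the original article): it parses saved "show interface" output and reports whether na0 is up and carries an IPv4 address. The sample outputs, the addresses in them and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample outputs modelled on the two "show interface na0" listings
# in this article; fe80::1/64 and 192.0.2.1/24 are constructed addresses.
BROKEN = """\
Interface na0 is up, line protocol is up
index 14 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
inet6 fe80::1/64
proxy_arp: disabled
output packets 4, bytes 520, dropped 0
"""
FIXED = BROKEN.replace("proxy_arp", "inet 192.0.2.1/24\nproxy_arp", 1)

HEADER = re.compile(r"^Interface (\S+) is (\S+), line protocol is (\S+)")


def parse_interfaces(text):
    """Parse 'show interface' output into {name: {admin, link, ipv4, ipv6}}."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = {"admin": m.group(2), "link": m.group(3), "ipv4": [], "ipv6": []}
            result[m.group(1)] = current
            continue
        if current is None:
            continue
        parts = line.split()
        if len(parts) >= 2 and parts[0] in ("inet", "inet6"):
            try:
                iface = ipaddress.ip_interface(parts[1])
            except ValueError:
                continue  # masked or annotated value, not a real address
            current["ipv4" if iface.version == 4 else "ipv6"].append(str(iface))
    return result


def check_na0(text, name="na0"):
    """Return (ok, reason) for the SSL VPN-Plus interface."""
    info = parse_interfaces(text).get(name)
    if info is None:
        return False, f"{name} not found in output"
    if info["admin"] != "up" or info["link"] != "up":
        return False, f"{name} is not up"
    if not info["ipv4"]:
        return False, f"{name} is up but has no IPv4 address (IP pool gateway missing)"
    return True, f"{name} has IPv4 {', '.join(info['ipv4'])}"
```

Run check_na0 on the output captured before and after recreating the IP pool; a masked or placeholder inet value is treated as no address.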