SSLVPN client disconnects when NSX Edge is configured using bulk config API
Article ID: 327384
Products
VMware NSX
Issue/Introduction
Symptoms: In NSX for vSphere 6.3.x and 6.4.x, when the NSX Edge is configured using the bulk config API, you see these symptoms:
SSLVPN client disconnects.
Environment
VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.3.x
Cause
This issue occurs because, when an NSX Edge is configured using the bulk config API, the NSX Manager generates new IDs for the existing SSLVPN objects such as IP pools, private networks, users and client installation packages. On the NSX Edge, these objects with new IDs are treated as new. The config engine therefore adds the new IP pool configuration and then deletes the old IP pools. This delete operation removes the IP assigned to the tap device on the NSX Edge, which disconnects the SSLVPN clients. All connected clients route to the private networks through the tap device, so the SSLVPN clients are unable to connect to the SSLVPN server.
Resolution
This issue is resolved in VMware NSX for vSphere 6.3.6 and 6.4.1, available at VMware Downloads.
Workaround: To work around this issue if you do not want to upgrade:
1. Disable the SSLVPN service.
2. Re-enable the SSLVPN service.
Note: This assigns an IP address to the tap device. All the SSLVPN clients should now be able to connect to the SSLVPN server.
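The sequence described under Cause and the effect of the workaround, as a simplified model added here (not VMware code). The ID format, the function names, the sample address and the assumption that each IP pool contributes one address to the tap device are all constructed for illustration.

```python
import itertools

_ids = itertools.count(1)  # hypothetical ID generator standing in for NSX Manager


def bulk_config(pools):
    """Model of a bulk config push: same pool contents, freshly generated IDs."""
    return {f"pool-{next(_ids)}": ip for ip in pools.values()}


def reconcile(tap_ips, current, desired):
    """Apply the desired pools to the tap device, matching objects by ID only.

    Adds run before deletes, the order the article describes.
    """
    tap_ips = set(tap_ips)
    for pool_id, ip in desired.items():
        if pool_id not in current:
            tap_ips.add(ip)      # address is already on the device: no change
    for pool_id, ip in current.items():
        if pool_id not in desired:
            tap_ips.discard(ip)  # removes the address the "new" pool still needs
    return tap_ips


def restart_service(desired):
    """Workaround model: disable/re-enable reassigns tap addresses from config."""
    return set(desired.values())


def run_demo():
    current = {"pool-0": "192.0.2.1"}  # constructed sample pool and address
    tap = set(current.values())
    desired = bulk_config(current)     # identical content, new ID
    after_push = reconcile(tap, current, desired)
    after_restart = restart_service(desired)
    return after_push, after_restart


if __name__ == "__main__":
    pushed, restarted = run_demo()
    print("tap IPs after bulk config push:", pushed)
    print("tap IPs after service restart: ", restarted)
```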