In an NSX for vSphere 6.3.x and 6.4.x where the NSX Edge is configured using bulk config API SSLVPN client disconnects.
This issue occurs when an NSX Edge is configured using bulk config API, the NSX Manager generates new IDs for the existing SSLVPN objects such as IP pools, private networks, users and client installation packages.
On The NSX Edge, these objects with new IDs are considered as new. Hence the config engine adds new IP pool configuration followed by the deletion of old IP pools. Because of this delete operation, IP assigned to the tap device on the NSX Edge is removed. This results in the disconnect of the SSLVPN clients. All connected clients have route for private networks through the tap device. Hence the SSLVPN clients will never be able to connect to the SSLVPN server.
This issue is resolved in VMware NSX for vSphere 6.3.6 and 6.4.1.
Workaround:
Note: This assigns an IP address to the tap device. All the SSLVPN client should now be able to connect to the SSLVPN server.