SSLVPN client disconnects when NSX Edge is configured using bulk config API

Article ID: 327384

Updated On:

Products

VMware NSX

Issue/Introduction

In NSX for vSphere 6.3.x and 6.4.x, SSLVPN clients disconnect when the NSX Edge is configured using the bulk config API.

Environment

  • VMware NSX for vSphere 6.4.x
  • VMware NSX for vSphere 6.3.x

Cause

This issue occurs because, when an NSX Edge is configured using the bulk config API, the NSX Manager generates new IDs for the existing SSLVPN objects, such as IP pools, private networks, users, and client installation packages.
On the NSX Edge, objects with new IDs are treated as new. The config engine therefore adds the new IP pool configuration and then deletes the old IP pools. This delete operation removes the IP address assigned to the tap device on the NSX Edge, which disconnects the SSLVPN clients. All connected clients have a route for private networks through the tap device. Hence the SSLVPN clients will never be able to connect to the SSLVPN server.

Resolution

This issue is resolved in VMware NSX for vSphere 6.3.6 and 6.4.1.

Workaround:

  1. Disable the SSLVPN service.
  2. Re-enable the SSLVPN service.

Note: This assigns an IP address to the tap device. All SSLVPN clients should now be able to connect to the SSLVPN server.