Sometimes when the request from a robot does not match up to what is configured in the hub, the hub security can break.
This usually happens when a system is using NAT in some way. In these cases, IP validation must be disabled on the hub along with disabling it in the security.cfg file which is done with a PU call back.
Verify the above setting by using "hubsec_setup_get" callback with key set as 'ignore_ip'
On tunnel Client's hub.cfg, add “check_cn = no” under tunnel entry or using hub GUI un-check “Check Server common name” in tunnel client entry.
With these actions taken, your issue should be resolved.
Note that in some cases the two actions listed below may be enough to resolve this error.
Using the Probe Utility which is accessed by selecting the probe and pressing Ctrl-P: