Other reasons related to Anti-Spoofing, Routing, rulebase, etc. The " Maximum concurrent tunnels" and/or " Maximum concurrent IKE negotiations" is(are) too low.
Note: To set it permanently, also run: HostName> save config Log in to Expert mode. The first certificate is based on the VPN Server Authentication template according to the microsoft documentation. Office Mode IP Pool is part of the VPN Encryption Domain (Office Mode assigns an IP address from one of the 'internal' networks behind VPN Gateway) and ' Location Aware Connectivity' settings are configured for Endpoint Connect client - in such case, Endpoint Connect client might consider itself located on the internal network, and disconnect. Actually we have 2 certificates on the VPN Server, one from the internal CA (RSA) and one public certificate for the SSTP (RSA) connections.
Below is the group policy which is being applied to my clients: group-policy SSL-Full attributes. Office Mode IP Pool is part of the VPN Encryption Domain (Office Mode assigns an IP address from one of the 'internal' networks behind VPN Gateway) - in such case:Ĭlient's Tunnel Test packets might be dropped by VPN Gateway after decryption due to Anti-Spoofing. Hi, Yes, session timeout will terminate VPN session as per the minutes you set. I've set the idle timeout to be 30 minutes, yet I can see clients that have been idle for over 2 days without being disconnected. Therefore, if Tunnel Test packet was received on another interface, it will not be answered). The Tunnel Tests packets were not processed correctly on the VPN Gateway (VPND daemon listens to Tunnel Test packets only on specific interface - the first interface in the output of ' fw ctl iflist' command. The Endpoint Connect client disconnects because the client does not receive a reply from VPN Gateway to client's Tunnel Test packets.