Forum Discussion

Nimbostratus

Aug 15, 2014

SSL VPN Disconnect Issue

We currently have an issue with our SSL VPN connection disconnecting on random intervals. I do have a open support case and unfortunately not making any drastic headway, so reaching out here to see i...

Matti_63169
Jun 02, 2016
Check the DNS settings of the F5 and make sure it can resolve the sslvpn fqdn.

Background: We had similar issues, the PPP tunnel kept randomly closing and opening a new one, which caused the clients to reconnect, which in turn caused traffic not flowing while the PPP tunnel did a new handshake.

There were no evidence in the LTM log why this happens, but the Edge client log revealed that DNS lookup for the APM endpoint (LTM VIP) didn't resolve. The client machine actually could resolve it, but the F5 itself couldn't. After changing the DNS servers in F5 to ones that resolved correctly the problem seems to have been solved.

walou12_113339

Nimbostratus

Aug 18, 2014

Hi, Are you running full tunnels or split tunnels?. We had a similar problem with split tunnels, some clients would disconnect after 10 min. Logged a support call and did a lot of debugging, it appeared to be triggered by some route change event on the client. but we never got to the bottom of it and went back to full tunnel.

Rusty_M_140798
Nimbostratus
Aug 18, 2014
We are using split tunnels, I will try testing without today to see if the issue still happens. But split tunneling is a big requirement as we are using MS Lync and running SSL over SSL has some pretty large performance issues.
Rusty_M_140798
Nimbostratus
Aug 18, 2014
Also, I found this setting as well "Prohibit routing table changes during Network Access connection" When enabled, routes in the client routing table for the F5 PPP adapter cannot be added, deleted, or modified. Any request to add, delete, or modify a route pointing to the F5 PPP adapter is discarded. Did you try this setting or did it have any effect?
Rusty_M_140798
Nimbostratus
Aug 18, 2014
Tested both, unfortunately nether of the above changes made a difference.
Rusty_M_140798
Nimbostratus
Aug 27, 2014
I did test using a full tunnel and did not have an issue, so it appears I maybe having the same issue that occurred with yours. Still trying to figure out what is causing the issue with split tunnels.
Rusty_M_140798
Nimbostratus
Aug 27, 2014
I take that back the issue still occurs even when using a full tunnel....

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SSL VPN Disconnect Issue

Recent Discussions

APM with EntraID as idP / request signed

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Proxy SSL unavailable suite (47) issue

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

SSL LTM issue

SSL PROXY

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS