Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 2 answers
  • Subscribers 43 subscribers
  • Views 1163 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL Site to Site VPN is down

Idir AIT YAHIA

Hello,

i have configured SSL site to site VPN, at the beginning it worked well, but since this morning, they no longer work on the server side, the green connection circle has changed to red i have deleted the server and reconfigured the server but is still disconnected. 

i have the latest firmware version, two XG210 appliance, a fixed public IP adresse on both sides (client and server) 

what are the possible settings that can cause the VPN tunnel to malfunction. 

 

thanks, 

 



This thread was automatically locked due to age.
Parents
  • 0

    DNS problem with the hostname in the "Override Hostname" option under the "Show VPN Settings"  option perhaps?

     

    -Scott

     

     

  • 0 in reply to Scott_D_L

    Hi

     thank's for reply, problem solved,I think the problem comes from there, but I'm not very sure, because I did a lot of manipulation.

  • 0 in reply to Idir AIT YAHIA

    Check "Override Hostname" under Show VPN Settings

    When Override Hostname is blank it will automatically use all WAN as an authentication way.

    Putting distinct WAN IP address in Override Hostname will assure you that there will be no WAN port be used except to what you have entered.

    I recommend you to put a reliable WAN connection to SSL VPN Override Hostname be because if that port is down SSL VPN connection cannot authenticate anymore.

    Or what we have tried is we put a WAN load balance (with multiple WAN connection) to portX to assure that it will not go down.

    Hope this help you!

Reply
  • 0 in reply to Idir AIT YAHIA

    Check "Override Hostname" under Show VPN Settings

    When Override Hostname is blank it will automatically use all WAN as an authentication way.

    Putting distinct WAN IP address in Override Hostname will assure you that there will be no WAN port be used except to what you have entered.

    I recommend you to put a reliable WAN connection to SSL VPN Override Hostname be because if that port is down SSL VPN connection cannot authenticate anymore.

    Or what we have tried is we put a WAN load balance (with multiple WAN connection) to portX to assure that it will not go down.

    Hope this help you!

Children
No Data
Unfiltered HTML