Mettle Knowledge

SSL VPN Troubleshooting

Posted: 18 Jun, 2012
by: Knowledge M.
Updated: 17 Apr, 2013
by: Knowledge M.
We often get support calls about SSL VPN connectivity problems. The most common are that the SSL VPN cannot connect or that the connected link drops. In such cases we recommend the following steps to diagnose the problem.

1) Ping Mettle SE
Try to ping the host IP address (the public IP address of Mettle SE). Ping replies should arrive within a reasonable time frame, meaning there shouldn't be too much delay before the replies reach your computer. You can check this by looking at the "ms" (milliseconds) value on each reply. Also check whether there are any "Request Timed Out" messages. If there is too much delay and/or you get a "Request Timed Out" message, there is an Internet connectivity issue. Please contact your ISP to rectify the issue.

2) SSL VPN disconnecting
Try the steps mentioned above to see if you have a connectivity problem. If the connection is OK but you're still getting disconnected, make sure your SSL VPN key is not being used by someone else from a different machine. If others are using your key to sign in to SSL VPN, you will get disconnected when they log in and they will get disconnected when you log in.

3) TLS handshake error
The most common reason for this error is an Internet connectivity problem as described in the first section. If it takes too long (in milliseconds) for packets to travel from Mettle SE to your computer, the key negotiation times out, resulting in a TLS error. This will also happen if the same key is shared with a different user.

4) Trying to initialise session and then gets stuck
If you have no Internet connectivity issue and the key is not shared with anyone else but you still have an SSL VPN connectivity problem, then you should try restarting your Windows computer. Most often this will solve the problem. If not, check your network settings.

5) You can connect to your office but you cannot ping the server at your office
If you can establish an SSL VPN connection but you can't ping the server at the office, it could be due to the Mettle SE firewall blocking ping requests. To enable ping, you should contact your system administrator and ask him to create a rule allowing ping to your office server.

If there is already a rule allowing ping but you still cannot ping the office server, make sure that the Gateway IP address of the office server is set correctly. The Gateway of the office server should be Mettle SE. If the Gateway is not set correctly, the client's ping request will reach the office server correctly, but the replies from the office server will be directed via a different gateway and will not reach the requestor.
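
The return-path reasoning above can be checked against the office server's routing table. The following is an added example, not part of the original article or of Mettle's own tooling; every address and route in it is a constructed sample value. It also goes one step beyond the article: a static route for the VPN client subnet via Mettle SE sends replies back the right way even when the default gateway points elsewhere.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the article).
METTLE_SE_LAN_IP = "192.168.10.1"   # assumed LAN address of Mettle SE
VPN_CLIENT_IP = "10.8.0.6"          # assumed address given to the VPN client

# Office server routing tables as (prefix, gateway); "on-link" = directly attached.
WRONG_GATEWAY = [("192.168.10.0/24", "on-link"), ("0.0.0.0/0", "192.168.10.254")]
CORRECT_GATEWAY = [("192.168.10.0/24", "on-link"), ("0.0.0.0/0", "192.168.10.1")]
STATIC_ROUTE = WRONG_GATEWAY + [("10.8.0.0/24", "192.168.10.1")]


def next_hop(routes, destination):
    """Pick the gateway by longest-prefix match; None means no route at all."""
    dest = ipaddress.ip_address(destination)
    best_len, best_gw = -1, None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and net.prefixlen > best_len:
            best_len, best_gw = net.prefixlen, gateway
    return best_gw


def reply_returns_via(routes, client_ip, expected_gateway):
    """Return (ok, hop): ok is True when replies to client_ip leave via expected_gateway."""
    hop = next_hop(routes, client_ip)
    if hop in (None, "on-link"):
        return False, hop
    ok = ipaddress.ip_address(hop) == ipaddress.ip_address(expected_gateway)
    return ok, hop


if __name__ == "__main__":
    tables = {
        "default gateway is another router": WRONG_GATEWAY,
        "default gateway is Mettle SE": CORRECT_GATEWAY,
        "static route for VPN subnet": STATIC_ROUTE,
    }
    for name, routes in tables.items():
        ok, hop = reply_returns_via(routes, VPN_CLIENT_IP, METTLE_SE_LAN_IP)
        verdict = "replies reach the client" if ok else "replies are lost"
        print(f"{name}: next hop {hop} -> {verdict}")
```

On a real server, fill the route list from the output of `route print` (Windows) or `ip route` (Linux).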