You experience problems with SSL VPN-Plus authentication.

Problem

SSL VPN-Plus authentication fails.

Solution

  • For authentication issues, verify the following settings:
    1. Ensure that the external authentication server is reachable from the NSX Edge. From the NSX Edge, ping the authentication server and verify that the server is reachable.
    2. Check the external authentication server configuration using a tool such as the LDAP browser and confirm that the configuration works. Only LDAP and AD authentication servers can be checked using the LDAP browser.
    3. If a local authentication server is configured in the authentication process, ensure that it is set to the lowest priority.
    4. If you use Active Directory (AD), set it to no-ssl mode and take a packet capture on the interface from which the AD server is reachable.
    5. If authentication is successful, you see a message similar to the following in the syslog server:
       Log Output - SVP_LOG_NOTICE, 10-28-2013,09:28:39,Authentication,a,-,-,10.112.243.61,-,PHAT,,SUCCESS,,,10-28-2013,09:28:39,-,-,,,,,,,,,,-,,-,
    6. If authentication fails, you see a message similar to the following in the syslog server:
       Log Output - SVP_LOG_NOTICE, 10-28-2013,09:28:39,Authentication,a,-,-,10.112.243.61,-,PHAT,,FAILURE,,,10-28-2013,09:28:39,-,-,,,,,,,,,,-,,-,
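
The success and failure syslog messages in steps 5 and 6 can be checked mechanically. The following is an added example, not VMware code: it parses `SVP_LOG_NOTICE` Authentication records and reports addresses with repeated failures. The field positions are inferred from the two sample messages only, the page does not say what the logged address represents, and the function names and threshold are assumptions.

```python
import ipaddress
from collections import Counter

# The first two lines are the page's sample messages; the rest are constructed.
SAMPLE_LOG = """\
Log Output - SVP_LOG_NOTICE, 10-28-2013,09:28:39,Authentication,a,-,-,10.112.243.61,-,PHAT,,SUCCESS,,,10-28-2013,09:28:39,-,-,,,,,,,,,,-,,-,
Log Output - SVP_LOG_NOTICE, 10-28-2013,09:28:39,Authentication,a,-,-,10.112.243.61,-,PHAT,,FAILURE,,,10-28-2013,09:28:39,-,-,,,,,,,,,,-,,-,
SVP_LOG_NOTICE, 10-28-2013,09:30:02,Authentication,b,-,-,192.0.2.7,-,PHAT,,FAILURE,,,10-28-2013,09:30:02,-,-,,,,,,,,,,-,,-,
SVP_LOG_NOTICE, 10-28-2013,09:30:05,Authentication,b,-,-,192.0.2.7,-,PHAT,,FAILURE,,,10-28-2013,09:30:05,-,-,,,,,,,,,,-,,-,
SVP_LOG_NOTICE, 10-28-2013,09:30:09,Authentication,b,-,-,192.0.2.7,-,PHAT,,FAILURE,,,10-28-2013,09:30:09,-,-,,,,,,,,,,-,,-,
this line is not an SSL VPN-Plus record
"""

def parse_auth_event(line):
    """Return a dict for an Authentication record, or None for any other line."""
    start = line.find("SVP_LOG_NOTICE")  # skip syslog headers or labels before the tag
    if start < 0:
        return None
    fields = [f.strip() for f in line[start:].split(",")]
    # Assumed layout (from the samples): tag, date, time, event type, then details.
    if len(fields) < 4 or fields[3] != "Authentication":
        return None
    rest = fields[4:]
    result = next((f for f in rest if f in ("SUCCESS", "FAILURE")), None)
    if result is None:
        return None
    address = None
    for f in rest:  # first field that parses as an IP address
        try:
            address = str(ipaddress.ip_address(f))
            break
        except ValueError:
            continue
    return {"date": fields[1], "time": fields[2], "address": address, "result": result}

def failures_by_address(lines, threshold=3):
    """Return {address: count} for addresses with at least `threshold` FAILURE records."""
    counts = Counter()
    for line in lines:
        event = parse_auth_event(line)
        if event and event["result"] == "FAILURE":
            counts[event["address"]] += 1
    return {addr: n for addr, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for entry in SAMPLE_LOG.splitlines():
        print(parse_auth_event(entry))
    print(failures_by_address(SAMPLE_LOG.splitlines()))
```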