Create a Post
Showing results for 
Search instead for 
Did you mean: 

SSL Network Extender Issue

Hi team,

I am having a random issue with remote users connected to the RemoteAccess vpn.

Remote users can login to the portal and the office mode IP assigns correctly. We do not know why some times users cannot access the resource. When connections are being dropped logs show: "Drecipted and user method are not identical (vpn error code 1). It seems like that the gateway is identifying the users connections as a Site-to-Site communication from one of our peer gateways even when the encryption domains are not the same. 

This issue is presenting since we upgraded to R80.20.

So, we have some questions...

Do we need to configure static routes in the customer switch core?

We have a clusterXL HA deployment and different office mode segments are configured in the cluster members. We have detected that only with one member the issue is presenting. Do we need to use the same office mode pool in both cluster members?








0 Kudos
2 Replies

Cluster members should be configured to use the Office Mode addresses.
Also your core routers/switches will likely need routes for the Office Mode addresses to point at the gateway, particularly if the default route doesn't go through the Security Gateway.


if you had ClusterXL HA you can define the same office-mode network on both members.

As Dameon wrote, this office mode network need to be routed to your cluster.


PS.: It is always a good idea to get the office mode IPs from an internal DHCP server