Asma Alfayyad, Posted July 1
Dears, I am trying to publish the tunnel service on UEM that is implemented on UAG (with cascade mode) on AVI NSX Advanced LB. It appears on the external device that (authentication certificates are not present), knowing that when I try on an internal device by enrolling with the backend server, the tunnel app appeared as traffic rules not present. Can anyone help, please?

Andreano Lanusse (Employee), Posted July 1
Most likely there is an LB config issue that is impacting the client and server. Review your LB configuration as described here: https://docs.vmware.com/en/VMware-Avi-Load-Balancer/30.2/Solutions-Guide/GUID-53C08E69-E5EA-4921-AB74-0AAF048FACF7.html
Ensure you are not doing SSL offloading on the LB. Finally, check this article that provides great details on how Tunnel handles communication: https://techzone.omnissa.com/resource/understand-and-troubleshoot-tunnel-connections

Asma Alfayyad (Author), Posted July 2 (edited)
Hello Andreano, now I get the below, as I couldn't reach it externally before, but the tunnel app still shows the same msg.

Daisuke Yajima, Posted August 3 (edited)
@Asma Alfayyad Hello, Device Traffic Rules and Authentication Certificates are sent to devices by publishing a VPN profile to devices. It seems that your device does not have VPN profiles. How about re-publishing the VPN profile? Hope this helps.

Asma Alfayyad (Author), Posted August 4
Hello @Daisuke Yajima, I tried re-publishing the VPN profile, but with the same issue. The certificates for the VPN profile are presented on the MMC on the device but appeared on the console as unknown.

Hussam Rabaya (Employee), Posted August 28
You have multiple issues, as I can see from the screenshots. You need to check all tunnel settings:
1- you have the right tunnel type (per-app, full device)
2- create a DTR profile (by default you have 1 profile named "default")
3- add the right DTR roles (be sure you are destinations in IPs or host names)
4- the profile configuration (be sure you map it to the DTR profile), as explained in #2
Also, from a network perspective and as a load balancer, you need to use "pass-through" in tunnel load balancers (relay and endpoint).