Asma Alfayyad (posted July 1): Dears, I am trying to publish the Tunnel service on UEM that is implemented on UAG (in cascade mode) on the AVI NSX Advanced LB. On the external device it shows "authentication certificates are not present", whereas when I try on an internal device by enrolling with the backend server, the Tunnel app shows "traffic rules not present". Can anyone help, please?
Andreano Lanusse (Employee, posted July 1): Most likely there is an LB config issue that is impacting the client and server. Review your LB configuration as described here: https://docs.vmware.com/en/VMware-Avi-Load-Balancer/30.2/Solutions-Guide/GUID-53C08E69-E5EA-4921-AB74-0AAF048FACF7.html Ensure you are not doing SSL offloading on the LB. Finally, check this article, which provides great detail on how Tunnel handles communication: https://techzone.omnissa.com/resource/understand-and-troubleshoot-tunnel-connections
Asma Alfayyad (Author, posted July 2, edited July 2): Hello Andreano, now I get the below, as I couldn't reach it externally before, but the Tunnel app still shows the same message.
Daisuke Yajima (posted August 3, edited August 3): @Asma Alfayyad Hello, Device Traffic Rules and Authentication Certificates are sent to devices by publishing a VPN profile to devices. It seems that your device does not have VPN profiles. How about re-publishing the VPN profile? Hope this helps.
Asma Alfayyad (Author, posted August 4): Hello @Daisuke Yajima, I tried re-publishing the VPN profile, but got the same issue. The certificates for the VPN profile are present in the MMC on the device but appear on the console as unknown.
Hussam Rabaya (Employee, posted August 28): You have multiple issues, as I can see from the screenshots. You need to check all Tunnel settings:
1- you have the right tunnel type (per-app, full device)
2- create a DTR profile (by default you have 1 profile named "default")
3- add the right DTR roles (be sure your destinations are in IPs or host names)
4- the profile configuration (be sure you map it to the DTR profile), as explained in #2
Also, from a network perspective, as a load balancer you need to use "pass-through" in the Tunnel load balancers (relay and endpoint).