For any SSL VPN testing, I would first advise to wait until upgrade to 5.8.1 can be done. It could be available tomorrow (Tuesday). A lot of issues have in any case been fixed in it.
Thanks for your information.
I've updated my engine to 5.8.1 then tried to configure IPsec VPN client with SSL VPN on the same interface. This time, SSL VPN is ok But i've found out some errors with Ipsec VPN Client:
1. Local relay to external DHCP server is not supported with SSL VPN due to this error:
Upload Failure: Operation failed.
Engine error: Engine error: Message code 208 (errno 100)
2015-02-05 10:41:40.922 sgcfg.exit.NGFW1 FATAL: creating sslvpn configuration failed. Returned -1.
FATAL: Local relay to external DHCP server is not supported with SSL VPN
Disable local relay from VPN client options to enable SSL VPN
Alternatively, set the DHCP server's address to firewall NDI address if firewall internal DHCP server is used
2. Disable Local DHCP Relay the DHCP Relay failed. I found out that DHCP relay packet has the source and destination IP address is 127.0.0.1, so it'll never reach the DHCP Server.
3. Try to remove SSL VPN Client, the DHCP still failed dued to source and destination IP address is 127.0.0.1
4. Enable Local DHCP Relay with only Ipsec VPN Client, it works.
What's wrong, man? As i know, the Local DHCP Relay is just to enforce Engine using unicast DHCP Packet even when the DHCP Server is in the engine's connected network. And in my case, the DHCP Server is not in the connected network?
Thanks and Regards!
What is the "NDI for relay"? Also, are you using SMC 5.8.2 recently released?
In case your DHCP server is not in connected network, just disable local relay checkbox.
What is the "NDI for relay"? means that using Engine as DHCP Server
I'm still using SMC 5.8.1. I did not see the download link for SMC 5.8.2.
In case your DHCP server is not in connected network, just disable local relay checkbox. I already disabled local relay.
No, I was asking, what is your setting chosen for NDI to be used.
SMC 5.8.2 should be available in McAfee download site, I just checked.
It's my Tunnel's Ip address. I create that tunnel for DHCP Relay
I did not see the SMC 5.8.2 on stonesoft download site
Stonesoft download site is going away, it is only there for some specific reasons (automatic download systems, etc). Please use McAfee download site with your grant number.
I don't have any grant number. How can i get that? I'm using trial license.