Troubleshooting SSL VPN Configuration
novdocx (en) 16 April 2010

A.10 Unable to Get Authentication Headers

If the browser displays the Unable to Get Authentication Headers error while accessing the SSL VPN URL, check whether the custom HTTP headers required for SSL VPN are configured and enabled in the Access Gateway. In the Administration Console, click Access Gateways > [Configuration Link] > [Name of Reverse Proxy] > [Name of SSL VPN Proxy Service] > [Name of SSL VPN Protected Resource] > Identity Injection.

The SSLVPN_Default policy should be enabled. This policy injects an authentication header and two custom headers (X-SSLVPN-PROXY-SESSION-COOKIE and X-SSLVPN-ROLE).

A.11 The SSL VPN Connection Is Successful But There Is No Data Transfer

Possible Cause: This issue might occur in both Kiosk and Enterprise modes of SSL VPN. If the SSL VPN server is behind a NAT, the Public IP address specified during server configuration might be incorrect.

Action: In the Administration Console, click Devices > SSL VPNs > Edit > Gateway Configuration. Make sure that the Public IP address is configured to be the IP address of a NAT through which the external user on the Internet can access the SSL VPN server.

Possible Cause: If this issue appears in Enterprise mode, it could be because the NAT configuration is wrong.

Action: At the command prompt, enter iptables -L to check the configuration details. For more information, see Section 2.3, “Configuring the IP Address, Port, and Network Address Translation (NAT),” on page 27.

Possible Cause: If this issue appears in Enterprise mode, it could be because the router configuration is wrong.

Action: Check the router configuration. For more information, see Section 2.3, “Configuring the IP Address, Port, and Network Address Translation (NAT),” on page 27.

Possible Cause: If this issue appears in Enterprise mode, the TUN interface might be down.

Action: At the command prompt, enter ifconfig to check if the TUN0 interface is down. If it is down, enter the /etc/init.d/novell-sslvpn restart command to restart the SSL VPN services.

Action: If you are using a 64-bit machine and have changed the TUN interface, check to make sure the interface is up. If it is down, enter the /etc/init.d/novell-sslvpn restart command to restart the SSL VPN services.

A.12 Unable to Connect to the SSL VPN Gateway

Possible Cause: A forward proxy is enabled in Internet Explorer.

Action: In the Administration Console, select Devices > Access Gateways > Edit > Reverse Proxy > Proxy List > Path-Based Multi-Homing > HTTP Options. Select the Allow Pages to Be Cached by the Browser check box.
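
The TUN interface check in Section A.11 can be scripted. The following is an added example, not part of the Novell guide: the function name tun_state and both sample outputs are constructed for illustration, and it assumes ifconfig from net-tools.

```shell
#!/bin/sh
# Added example, not from the Novell guide. Classifies an interface from
# ifconfig text so the A.11 TUN check can be scripted.
# Live use (assumes net-tools is installed):  ifconfig -a | tun_state tun0
# Plain "ifconfig" lists only interfaces that are up, so a down tun0 is
# simply absent from it; "ifconfig -a" shows it without the UP flag.

# tun_state IFACE: reads ifconfig-style text on stdin, prints up|down|missing.
tun_state() {
    awk -v ifc="$1" '
        # A stanza starts on a non-indented line whose first field is the
        # name: "tun0" (older net-tools layout) or "tun0:" (newer layout).
        /^[^ \t]/ {
            name = $1; sub(/:$/, "", name)
            inside = (name == ifc)
            if (inside) seen = 1
        }
        # UP is its own word (older layout) or sits in flags=<UP,...>.
        inside && (" " $0 " ") ~ /[ \t<,]UP[ \t>,]/ { up = 1 }
        END { print (!seen ? "missing" : (up ? "up" : "down")) }
    '
}

# Constructed sample: older layout, tun0 up.
SAMPLE_OLD_UP='eth0      Link encap:Ethernet  HWaddr 00:0C:29:AA:BB:CC
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1'

# Constructed sample: newer layout, eth0 up but tun0 administratively down.
SAMPLE_NEW_DOWN='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.10  netmask 255.255.255.0

tun0: flags=4240<POINTOPOINT,NOARP,MULTICAST>  mtu 1500
        inet 10.8.0.1  netmask 255.255.255.255'

for s in "$SAMPLE_OLD_UP" "$SAMPLE_NEW_DOWN"; do
    printf 'tun0 is %s\n' "$(printf '%s\n' "$s" | tun_state tun0)"
done
```

A result of down or missing for tun0 is the condition under which A.11 says to restart the SSL VPN services.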