Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dblackwell
New Contributor

Unable to receive SSL VPN tunnel IP address (-30)

I have multiple users that are getting this error message intermittently. The users are connecting from India and my office is located in the U.S. There are plenty of IP addresses available in the pool. Could this be a internet bandwidth issue? Any suggestions would be greatly appreciated.

 

Thank you,

16 REPLIES 16
emnoc
Esteemed Contributor III

I high   unlikely, how big is the pool? Are all users using the same pool or do you have multiple   portal with unique defined pools for tunnel-mode

 

 

i.e

 

web portal USusers

      pool ABC

 

web portal  INusers

      pool   DEF

etc....

 

 

Ken

 

PCNSE 

NSE 

StrongSwan  

dblackwell

One portal 20 addresses 4 users.

emnoc
Esteemed Contributor III

Than your problem is not the pool size. Your problem is something else.

 

PCNSE 

NSE 

StrongSwan  

ede_pfau
Esteemed Contributor III

just a wild guess: latency? maybe the time between request and reaction of the FGT is too long (though I have no information on this internal detail).

OTOH, have you checked the MTU? this can bring up a lot of funny effects like some traffic making it through and some not.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
dblackwell

Good call, I'll look into that and report back.

rdumitrescu

did you managed to understand why do you have this issue?

I start experience the same issue. It happens randomly. I'm sure that is not related to the IP Pool usage. I have a pool of 200 IPs and when the issue happen only 94 users were logged in.

 

Thanks

 

fortress1

Anyone with a solution for this issue? I am intermittently getting the error as well. There are currently no users connected, but when testing the error "unable to receive ssl vpn tunnel ip address (-30)" comes up.

Help?

Tolle

I am having the same problem. Has anyone found a solution yet?

Issue is the same, tested from different locations and ISP's

Can it be a firmware issue? I have v5.6.2 build1486 on a 30E

Firewall is connected to ISP's firewall, is it the same in your case?

rdumitrescu
New Contributor III

When I faced the issue the firewall was in 5.2.4, last week I upgrade the firewall to 5.4.5. For now the issue seems to be gone.