Barracuda NextGen Firewall X

NG Access Client Health Agent still in state 'pending communication'

  • Type: Knowledgebase
  • Date changed: one year ago
Solution 00005273 

 
Scope:
This solution applies to:
- NG Network Access Client versions 2.0-SPx
- Entegra Client versions 1.0-SPx, 2.0-SPx

 
Symptoms:

After the VPN connection is established, the Health Agent hangs in a "pending communication" state while verifying the health state of the client. This message is displayed in the NG Access monitor:

Health Agent is busy - pending communication

 

 
Solution:

The problem is that the VPN remediation IP is NOT equal to the VPN health validator IP. These IPs must be different from each other.


Configure two service IPs for the "entegra Policy Service". Set one of these IPs as the "VPN Remediation Service IP" under "Config" > "Box" > "Virtual Servers" > "<Servername>" > "Assigned Services" > "<Servicename>" > "entegra Policy Service".


Example:

1st server IP = 192.168.10.10, 2nd server IP = 172.16.10.10

Set the value "Config" > "Box" > "Virtual Servers" > "<Servername>" > "Assigned Services" > "<Servicename>" > "Service Properties" > "Bind Type" to "1st and 2nd Server IP"

Set the value "Config" > "Box" > "Virtual Servers" > "<Servername>" > "Assigned Services" > "<Servicename>" > "entegra Policy Service" > "VPN Remediation Service IP" to "192.168.10.10"

Set the value "Config" > "Box" > "Virtual Servers" > "<Servername>" > "Assigned Services" > "<Servicename>" > "VPN Settings" > "Policy Service IP Address" to "192.168.10.10"

Use the IP address "172.16.10.10" as the policy server IP (set via DHCP or manually) and remediation server IP for LAN-attached NG Access clients. After this configuration is activated, the "pending communication" state will disappear after the next reconnect.

Annotation:

Do not include the NG Access Service IP that is used for LAN clients in the VPN Client2Site configuration! Furthermore, if you also want to restrict access in networks that you do not own, you must configure the policy server IP address by a means other than DHCP. Only in that case can the emergency quarantine feature be used. If ICMP probing is activated, problems can arise if the same IP is pingable in another network.
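The following pre-change check is an added example, not Barracuda code: it validates an IP plan against the rules in the example and annotation above before the values are entered in the GUI. The `plan` dictionary, its key names and the Client2Site network in the sample are assumptions made for illustration; they are not an export format of the firewall.

```python
import ipaddress

def check_policy_service_plan(plan):
    """Return a list of problems in an IP plan (empty list = consistent).

    `plan` is a hypothetical dict mirroring the settings named in the article.
    """
    ip = ipaddress.ip_address
    bound = {ip(a) for a in plan["service_bind_ips"]}
    remediation = ip(plan["vpn_remediation_service_ip"])
    vpn_policy = ip(plan["vpn_policy_service_ip"])
    lan_policy = ip(plan["lan_policy_server_ip"])
    c2s = [ipaddress.ip_network(n) for n in plan["client2site_networks"]]

    problems = []
    if len(bound) < 2:
        problems.append("service needs two distinct service IPs (1st and 2nd server IP)")
    # Mismatch here is the cause the article gives for 'pending communication'.
    if remediation != vpn_policy:
        problems.append("VPN Remediation Service IP differs from VPN Policy Service IP Address")
    for name, addr in (("VPN remediation", remediation),
                       ("VPN policy", vpn_policy),
                       ("LAN policy", lan_policy)):
        if addr not in bound:
            problems.append(f"{name} IP {addr} is not bound to the service")
    # LAN clients must use the other service IP, not the VPN one.
    if lan_policy in (remediation, vpn_policy):
        problems.append("LAN clients use the same service IP as VPN clients")
    # Annotation: the LAN service IP must not appear in the Client2Site config.
    if any(lan_policy in net for net in c2s):
        problems.append(f"LAN service IP {lan_policy} is included in the VPN Client2Site configuration")
    return problems

# Constructed sample using the article's example addresses;
# the Client2Site network entry is an assumed value.
GOOD = {
    "service_bind_ips": ["192.168.10.10", "172.16.10.10"],
    "vpn_remediation_service_ip": "192.168.10.10",
    "vpn_policy_service_ip": "192.168.10.10",
    "lan_policy_server_ip": "172.16.10.10",
    "client2site_networks": ["192.168.10.10/32"],
}
# Constructed misconfiguration: VPN policy IP points at the LAN service IP,
# and that IP is also published to VPN clients.
BAD = dict(GOOD, vpn_policy_service_ip="172.16.10.10",
           client2site_networks=["192.168.10.10/32", "172.16.10.10/32"])

if __name__ == "__main__":
    for label, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_policy_service_plan(plan) or "consistent")
```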



Link to This Page:
https://campus.barracuda.com/solution/50160000000IKb4AAG