Ive configured "Connection Settings" under Resource Policies to use transport mode as ESP. How come some users are still using SSL ? Any ideas?
The NC client is capable of dual protocol - ESP and SSL.
IF NC client is unable to connect over ESP, then it falls back to SSL.
In this case, if you have other users on ESP session - this means, the IVE is serving the ESP request to the clients.
We need to focus on those network / client component of those few users who are seeing this problem.
If you have open UDP 4500 on your firewall - I believe there could be a personal firewall installed on these client machines which could be contributing for this problem. Please try and disable any third party VPN clients, Personal firewalls from the computers and also for a test - you could disable the AV once and test NC if you are ok with it and then enable it back whenever required.
Hope the above helps.
Sorry for misreading the initial; it looked like all users were unable to make the ESP connection.
With it being only some, there are still firewalls at the user side (both phsyical and software) that could cause problems; other VPNs, as mentioned by AJA, could cause problems; sometimes AV software can prevent the connection.
For the users connecting with SSL, does it happen 100% of the time or only in specific locations?