Dear Concern, I am facing the same issue. Kindly help.

For 2 days it worked fine but now giving the error as "Failed to contact server" "Please check your network connection and try again"

I am using windows only. PLEASE HELP ! Its my Work from home but I am unable to connect to my VPN

@Poonam22 : It's a generic error message which could be caused due to various reasons, please replicate the issue and provide the debuglog.log files (upload to any filehosters and share the link as a Private Message) from C:\ProgramData\Pulse Secure\Logging or C:\Users\Public\Pulse Secure\Logging folder for review.

Pulse Connect Secure Certified Expert

@zanyterp [email protected] My company found this problem now, Fail to contact server. But not all user who found this problem (windows OS).

We just bring F5 load balance to distribute connection to 2 Pulse Secure last week. but I'm not sure that this problem has occured before or after using F5 load balancing.

Please suggest.

@zanyterp @Ray Do you think this is problem from load balancer? Why?

---

@zanyterp wrote:
as [email protected] mentioned, using Pulse directly is your best bet to connect without this issue
are you using a load balancer in front of the appliance? do other users see this or only your connection?
are you resetting your Safari settings frequently?

---

@tahmor In some cases, we have seen the PSAL receives 302 - HTTP REDIRECT response from the VPN server which ideally caused by the LB (front-end) which forwarded request to the incorrect VPN server where the user did not have any active session.

Initial connection - Client >> LB >> VPN1 (active session).

During PSAL launch - PSAL (Client) >> LB >> VPN2 (no active session) >> Sends 302 redirect with auth.prompt.

So in your case, it happens on Windows too or just macOS?

Pulse Connect Secure Certified Expert

---

[email protected] wrote:

@tahmor In some cases, we have seen the PSAL receives 302 - HTTP REDIRECT response from the VPN server which ideally caused by the LB (front-end) which forwarded request to the incorrect VPN server where the user did not have any active session.

 

Initial connection - Client >> LB >> VPN1 (active session).

During PSAL launch - PSAL (Client) >> LB >> VPN2 (no active session) >> Sends 302 redirect with auth.prompt.

 

So in your case, it happens on Windows too or just macOS?

---

Just only Windows user in my company

@tahmor  could you please make sure that ESP UDP:4500  Port is not blocked from the F5 to the external interfaces on the PSA cluster, and make sure that you disabled the SPI lookup to maintain an ESP connection.

""In BIG-IP 11.0.0, additional Traffic Management Microkernel (TMM) handling of IPsec traffic was introduced with the ability of the BIG-IP system to terminate an IPsec connection as an IPsec SA endpoint. When processing an IPsec connection, TMM uses the IPsec ESP Security Parameter Index (SPI) in the connection flow hash to uniquely identify the connection.

If you pass IPsec ESP traffic through an IP forwarding or FastL4 virtual server, because the SPI is not symmetric, it will likely not be the same from client to server as from server to client. When forwarding IPsec ESP traffic through an IP forwarding virtual server, if the SPI in the server to client response packet has changed, TMM will not identify the response as matching an existing traffic flow and drop the packet. To pass the IPsec ESP reply traffic, you must disable the BIG-IP system from using the SPI to identify the connection flow.

The ipsec.lookupspi database variable added in BIG-IP 11.2.0 allows you to disable the BIG-IP system from using the SPI to identify the connection flow.

Fore more info, kindly finb below article:

https://support.f5.com/csp/article/K14169

Please send the PSAL logs over to me as PM.

Pulse Connect Secure Certified Expert