Secure Access Client for Access Gateway Enterprise Edition fails to connect and displays the following error message when creating a VPN Tunnel:

“1015: The secure connection could not be established (2)”

The “invalid socket id” error is logged in the Access Gateway Plug-in logs.

Requirements

Access Gateway Enterprise Edition with a Session policy configured for a SSL VPN Tunnel.

To resolve the issue, complete the following steps:

1. Verify that the SSL server certificate bound to the Access Gateway virtual server does not appear as Expired in the GUI.

2. Locate the certificates for your build.

   • (10.1 builds)

     

   • (10.0 and earlier builds)

     

3. Expand SSL, click Certificates to view the certificates.

   In this example, TestCertificate is bound to the Access Gateway virtual server and the certificate is Expired.

   

   The Secure Access Client is able to connect successfully with a valid SSL server Certificate. In this example, TestCertificate is bound to the Access Gateway virtual server and the certificate is Valid.

   

   Note: If your certificate is Valid and the same error message is displayed, check if there are any intermediates linked to the server certificate. It is recommended to have proper Intermediate Certificate linked to the server certificate.

The Access Gateway is configured with an SSL server certificate that is Expired or not linked to the proper Intermediate Certificate (if required) when users log on to the Access Gateway using a fully qualified domain name, such as test.com.