SSL VPN with AAD SAML Error -6008

I just spent an embarrassing amount of time trying to implement a new SSL VPN solution.

The setup uses AAD SAML as the IdP and had controls enabled to restrict out-of-support OSes (this is where I screwed up). I’m just posting this for Google to help someone else if they run into this problem, so sorry this is going to be a bit bare-bones.

Error in the VPN client: Unable to establish the VPN connection. The VPN server may be unreachable. (-6008)

Debug commands:
diag debug reset

diag debug console timestamp enable

diag debug app sslvpn -1

diag debug app samld -1

diag debug enable

Error in the last line of the debug: [253:root:74]rmt_web_access_check:771 access failed, uri=[/remote/portal],ret=4103

Solution: Disable the “Restrict to Specific OS Versions” option in the SSL VPN Portal.
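A small triage helper for the debug capture described above, as an added example that is not part of the original post: it scans saved `diag debug` output for "access failed" lines and flags the signature quoted in the post. The function names `find_access_failures` and `matches_thread_symptom` are hypothetical, and every sample line other than the one quoted in the post (including the timestamp prefix) is constructed.

```python
import re

# Shape of the line quoted in the post:
#   [253:root:74]rmt_web_access_check:771 access failed, uri=[/remote/portal],ret=4103
# search() is used so a timestamp prefix (console timestamp enabled) is tolerated.
LINE_RE = re.compile(r"\[(?P<ctx>[^\]]+)\](?P<func>\w+):(?P<lineno>\d+)\s+(?P<msg>.*)$")
FAIL_RE = re.compile(r"access failed, uri=\[(?P<uri>[^\]]*)\],ret=(?P<ret>\d+)")


def find_access_failures(debug_text):
    """Return one dict per 'access failed' line found in captured debug output."""
    failures = []
    for raw in debug_text.splitlines():
        line = LINE_RE.search(raw)
        if not line:
            continue  # not a daemon debug line (blank line, prompt, etc.)
        fail = FAIL_RE.search(line.group("msg"))
        if fail:
            failures.append({
                "ctx": line.group("ctx"),    # bracket prefix, kept verbatim
                "func": line.group("func"),
                "uri": fail.group("uri"),
                "ret": int(fail.group("ret")),
            })
    return failures


def matches_thread_symptom(failure):
    """True for the signature from the post: portal access check returning 4103."""
    return (failure["func"] == "rmt_web_access_check"
            and failure["uri"] == "/remote/portal"
            and failure["ret"] == 4103)


# Constructed sample capture; only the second line's message is taken from the post.
SAMPLE = """\
2024-01-01 10:00:00 [253:root:74]constructed_filler_step:100 constructed filler line
2024-01-01 10:00:01 [253:root:74]rmt_web_access_check:771 access failed, uri=[/remote/portal],ret=4103
2024-01-01 10:00:02 [253:root:75]rmt_web_access_check:771 access failed, uri=[/constructed/path],ret=1
"""

if __name__ == "__main__":
    for f in find_access_failures(SAMPLE):
        tag = "matches post" if matches_thread_symptom(f) else "other failure"
        print(f"[{f['ctx']}] {f['func']} uri={f['uri']} ret={f['ret']} -> {tag}")
```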

Thank you, your post was very helpful. I had the same problem with SAML SSL VPN, not just with the “Restrict to Specific OS Versions” option but also with the “Host check” option.

This connection error -6008 stopped only after disabling both.

Host check is a good security feature, but is there a way to fix this with these options enabled?

Disabling this and the ‘Host Check’ resolved it for me too. Thanks a lot.

Same works for me. Thanks

It must be run in the middle of the authentication phase, but since it’s offloaded to Azure it can’t run those checks.