NetScaler – Native OTP is breaking SSL VPN

If you are using NetScaler OTP authentication on your Gateway, watch out when working with SSL VPN. After creating the session profile/policy I was able to connect to the Gateway and access some of the internal resources. Unfortunately I couldn't get a working RDP connection or access some management websites via HTTPS (custom port). I was always presented with the error: SSL_ERROR_RX_RECORD_TOO_LONG
ICMP requests to the backend servers were working as well.

The user “aman-it” posted a solution for this behaviour when working with native OTP. You need to change the expression for the traffic policy to:

http.req.method.eq(post)||http.req.method.eq(get) && false


Now you should be able to access all the internal resources via the VPN tunnel.




