A.19 SSL VPN Full Tunnel Connection Disconnects on VMware

Possible Cause: An SSL VPN full tunnel connection might disconnect because no keepalive response is received when the Access Manager setup is on a host-only network on a VMware interface of the client.

Explanation: After full tunnel is enabled, a new route entry is added to the client routing table to route the keepalive packet to the SSL VPN server through the default gateway. Because the SSL VPN gateway is on a host-only network in VMware, the keepalive packet might not reach the SSL VPN server through the default gateway.

Action:

  1. Add a virtual address to the SSL VPN gateway.

    For example, if the primary address is 200.200.200.140, add 200.200.200.141.

  2. Disconnect the physical network from the client to make sure that there is no default gateway to the Internet.

  3. Manually add a default route.

    For example:

        route add 0.0.0.0 mask 0.0.0.0 200.200.200.141 metric 5
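The following sketch is an added example, not part of the product documentation. It models the route selection described in the Explanation and shows why the Action restores the keepalive path. The /24 mask, the 192.168.1.x addresses, the metrics other than 5, and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values. Only 200.200.200.140 and 200.200.200.141
# come from the text above; the mask and the LAN addresses are assumed.
VPN_SERVER = ipaddress.ip_address("200.200.200.140")
VIRTUAL_ADDR = ipaddress.ip_address("200.200.200.141")
HOST_ONLY_NET = ipaddress.ip_network("200.200.200.0/24")
PHYSICAL_GW = ipaddress.ip_address("192.168.1.1")

# A route is (network, gateway, metric); gateway None means on-link.
BEFORE = [  # physical network connected, default route to the LAN gateway
    (ipaddress.ip_network("0.0.0.0/0"), PHYSICAL_GW, 10),
    (ipaddress.ip_network("192.168.1.0/24"), None, 10),
    (HOST_ONLY_NET, None, 20),
]
AFTER = [   # steps 2 and 3: physical network removed, manual default route
    (ipaddress.ip_network("0.0.0.0/0"), VIRTUAL_ADDR, 5),
    (HOST_ONLY_NET, None, 20),
]

def default_gateway(routes):
    """Gateway of the lowest-metric default route, or None if there is none."""
    defaults = [r for r in routes if r[0].prefixlen == 0 and r[1] is not None]
    return min(defaults, key=lambda r: r[2])[1] if defaults else None

def with_full_tunnel(routes):
    """Add the entry full tunnel creates: a host route to the SSL VPN
    server through whatever the default gateway currently is."""
    gw = default_gateway(routes)
    if gw is None:
        return list(routes)
    return routes + [(ipaddress.ip_network(f"{VPN_SERVER}/32"), gw, 1)]

def next_hop(routes, dest):
    """Longest-prefix match, ties broken by lowest metric."""
    matches = [r for r in routes if dest in r[0]]
    if not matches:
        raise LookupError(f"no route to {dest}")
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def keepalive_reaches_server(routes):
    """True if the keepalive's next hop is on-link or on the host-only network."""
    hop = next_hop(with_full_tunnel(routes), VPN_SERVER)
    return hop is None or hop in HOST_ONLY_NET
```

With the physical network connected, the host route to the server wins over the on-link host-only route and sends the keepalive to the LAN gateway; after the Action, the same host route points at the virtual address on the host-only network.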