https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-client-is-sending-the-pa-traffic-with-other-local/m-p/3007#M2234 <HTML><HEAD></HEAD><BODY><P>I realised that some traffic from several remote clients is going through the firewall with another remote-local IP address, different from my remote assigned-pool. Obviously, this traffic is beeing dropped. It happens with users accessing correctly to other services (with the correct VPN-assigned IP). </P><P>Could it be a Global Protect issue?</P><P>It started to happen when we went up from version 3.1.4 to 4.0.5. Now we have 4.1.10 and Global Protect 1.2.1.</P><P></P><P>Any suggestions?</P><P></P><P>Thanks.</P></BODY></HTML> Tue, 15 Jan 2013 17:24:16 GMT CarlesGISA 2013-01-15T17:24:16Z https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-client-is-sending-the-pa-traffic-with-other-local/m-p/3007#M2234 <HTML><HEAD></HEAD><BODY><P>I realised that some traffic from several remote clients is going through the firewall with another remote-local IP address, different from my remote assigned-pool. Obviously, this traffic is beeing dropped. It happens with users accessing correctly to other services (with the correct VPN-assigned IP). </P><P>Could it be a Global Protect issue?</P><P>It started to happen when we went up from version 3.1.4 to 4.0.5. Now we have 4.1.10 and Global Protect 1.2.1.</P><P></P><P>Any suggestions?</P><P></P><P>Thanks.</P></BODY></HTML> Tue, 15 Jan 2013 17:24:16 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-client-is-sending-the-pa-traffic-with-other-local/m-p/3007#M2234 CarlesGISA 2013-01-15T17:24:16Z https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-client-is-sending-the-pa-traffic-with-other-local/m-p/3008#M2235 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>You are probalby meeting a split-tunneling issue; Check your access route in your Gateway configuration.</P><P>Some traffic is probalby still routed in your LAN and not in your tunnel.</P><P></P><P>Best Regards</P><P></P><P>-Nicolas</P></BODY></HTML> Wed, 16 Jan 2013 14:17:56 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-client-is-sending-the-pa-traffic-with-other-local/m-p/3008#M2235 nbilly 2013-01-16T14:17:56Z https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-client-is-sending-the-pa-traffic-with-other-local/m-p/3009#M2236 <HTML><HEAD></HEAD><BODY><P>Hi Nicolas,</P><P>thanks for reply.</P><P>I think it's the opposite. Some local traffic of the remote client is being routed through the VPN, so I can see some incoming traffic from another physical interface the remote computer has.</P><P>For exemple: I'm assigning 192.168.1.0/24 IP's to the remote clients. If one client connects, I assign it 192.168.1.1 and I can see traffic to my internal IP's from this IP. But I can see also traffic from 10.10.10.10 (a remote local IP) to machines of my local 10.10.10.0/24 segment.</P><P>It's like the Global Protect agent is routing all the traffic (10.10.10.0 is in the acces route of my gateway) to my routed networks <SPAN style="text-decoration: underline;">including</SPAN> traffic from other interfaces.</P><P></P><P>Regards,</P><P>Carlos.</P></BODY></HTML> Wed, 16 Jan 2013 16:16:15 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-client-is-sending-the-pa-traffic-with-other-local/m-p/3009#M2236 CarlesGISA 2013-01-16T16:16:15Z https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-client-is-sending-the-pa-traffic-with-other-local/m-p/3010#M2237 <HTML><HEAD></HEAD><BODY><P>Carlos,</P><P></P><P>Which access routes did you have configured?</P><P></P><P>regards</P><P></P><P>-Nicolas</P></BODY></HTML> Thu, 17 Jan 2013 08:09:53 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-client-is-sending-the-pa-traffic-with-other-local/m-p/3010#M2237 nbilly 2013-01-17T08:09:53Z https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-client-is-sending-the-pa-traffic-with-other-local/m-p/3011#M2238 <HTML><HEAD></HEAD><BODY><P>Hi Nicolas,</P><P>I have several networks in the access routes list. For example:</P><P><IMG alt="" class="jiveImage" src="https://live.paloaltonetworks.com/legacyfs/online/5226_pastedImage_0.png" style="width: 324px; height: 208px;" /></P><P>But I don't have 0.0.0.0/0, if you mean that... But yes, unusual traffic I'm seeing is coming FROM IP's of these ranges of other interfaces of the remote client.</P><P>Here you can see I'm assigning remote IP's from another range, so I wouldn't see traffic from this zone EXCEPT from this range:</P><P><IMG alt="" class="jiveImage" src="https://live.paloaltonetworks.com/legacyfs/online/5227_pastedImage_1.png" style="width: 322px; height: 236px;" /></P><P>Regards,</P><P>Carlos.</P></BODY></HTML> Fri, 18 Jan 2013 12:20:12 GMT https://live.paloaltonetworks.com/t5/general-topics/ssl-vpn-client-is-sending-the-pa-traffic-with-other-local/m-p/3011#M2238 CarlesGISA 2013-01-18T12:20:12Z