I'm trying to figure out how to get traffic from my internal network to my GP VPN clients. At the moment I can't even ping the remote users. They can access all corporate resources without issue I just can't seem to get any traffic out to them. It seems I have this issue with any tunnel.xx interface. Is there something obvious here that I'm missing?
I'm running an 820 with 8.1.6.
You may want to confirm that the virtual pool of addresses that the GP users are getting is an UNKNOWN/un-used range from your internal network. Too often I see customers using a subnet that is internal to the network, and then the L3 switch does not know how to get them to the users. So routing/subnet is one issue.
Let us know how this works.. provide other detials.
Howdy, there really could only be 2 potential reasons..... security policy to allow the traffic and routing table to permit the traffic.
You MUST see traffic in your logs from your inside zone to your globalprotect zone (or whatever)
If you do not see this traffic, then you are not displaying your logs properly, or you are using intrazone policy (without logging) or you are not logging the rule that it would be hitting... once you see this, then you can confirm in your logs, that you see traffic from the inside interface (whatever that would be) destined to the tunnel interface for GP (whatever that is..)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!