I'm trying to figure out how to get traffic from my internal network to my GP VPN clients. At the moment I can't even ping the remote users. They can access all corporate resources without issue I just can't seem to get any traffic out to them. It seems I have this issue with any tunnel.xx interface. Is there something obvious here that I'm missing?
I'm running an 820 with 8.1.6.
You may want to confirm that the virtual pool of addresses that the GP users are getting is an UNKNOWN/un-used range from your internal network. Too often I see customers using a subnet that is internal to the network, and then the L3 switch does not know how to get them to the users. So routing/subnet is one issue.
Let us know how this works.. provide other detials.
Yes I can confirm that the virtual pool definitely is not used anywhere else in my network. I've also got a static route setup for it same as I do my other networks that terminate on the PA.
I have a similar policy that basically allows my entire IT zone to access any on my Global Protect zone. I don't think its a policy issue so much as a routing issue as I can ping the tunnel gateway but not the individual clients that are remoting in.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!