- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
03-14-2017 01:06 PM
I have this odd situation, global connect client successfully establish the connection with portal but in network area there is no IP address on virtual PAN network card. This is only happening with new users. Old users seems to have no problems.
I Have GP version 3.0.0-74 and PA-500.
Is anyone else having same isue? Every suggestion would be appriciated, I have allready spend a lot of time troubleshooting.
03-15-2017 12:29 PM
Enable troubleshooting on the global protect client.
More information would be helpful.. Have you configured a global protect gateway? is it FQDN/IP? Has the global protect gateway an IP pool? Is the agent gateway configuration enabled for all the users or just for an specific group? Is the computer NIC in the same network as the IP pool?
regards,
Gerardo.
03-15-2017 01:06 PM
Just a thought here but if new users are not experiencing any issues it sounds like the IPs being utilized are not set to expire the lease, since the old user has an existing lease they pickup the old IP that they have always had, new users are unable to grab an IP because the pool is exhausted. Not having any additional informaiton this is really the only thing I can think of.
Since I don't know where you are getting your addresses (ip Pool or Auth Server) there isn't much that I can say for troubleshooting. Has the box been restarted, I'm not sure what actual process hands out the IPs for GP but maybe someone else has that info.
03-16-2017 12:47 AM - edited 03-16-2017 02:40 AM
Hello, thank you for your replay. I'm getting IPs from GP portal dhcp pool. It's /24 subnet. And I really don't have much users (less than 10). How can I check for dhcp leases (I tried with: show dhcp server lease all - got no records).
Old clients can connect, problem is only on new clients (I have two remote users with same isue).
I've checked for user ip mapping on FW:
show user ip-user-mapping all | match "user"
x.x.x.41 vsys1 GP domain\user 2591894 2591894
So FW is serving the ip to the client, but on GP Client I have this:
You can see, that there is no IPv4 assigned on the GP Client.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!