We are configuring global protect.
The scenario is we use one armed global protect, because we have it connected behind our ASA firewall with functions as boundary.
As we have several scenario's we want to use the client and clientless version.
For the client version we can assign an IP from some defined range, that works allright.
Now for the clientless vpn i ran into the issue that a connection made from a client to a clientless app has the public source ip adres. In our scenario we run into assymetric routing.
Now my question is: Can globalprotect clientless vpn be source natted ? So requests are routed back to the palo alto instead of going directly through asa to the internet ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!