09-25-2018 08:18 AM
Hello,
After correctly configuring the GlobalProtect VPN on the firewall and installing the GlobalProtect agent on the remote machine, when I am connected with the agent I cannot connect to my internal network, not even send a ping. I checked the security rules and the NAT between the two zones, and the access route, but the problem persists.
09-25-2018 09:37 AM
Can you not send a ping at all? Or is it that you're not receiving a response to ping? It sounds like a slight semantic difference, but it is rather important. If you can't even send a ping because you get an error saying that the destination net is unreachable, it's different than if you're sending the ping but it times out.
Assuming it's a timeout, do you see the session on the firewall while you're running the ping test?
If your internal IP from the GlobalProtect pool is 192.0.2.1 and you're trying to reach 172.16.1.1, you can check the session with:
> show session all filter source 192.0.2.1 destination 172.16.1.1
In the results, find one session that matches and pull up its details with:
> show session id 123456
There you should see packets in the c2s (client to server) flow and ideally will see the responses in the s2c flow. If you're seeing the packets leave the firewall but not return, it's likely a routing problem with your destination not knowing how to route back to the IP Pool you gave to your GP clients, or the source NAT address.
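The return-path check suggested in the reply above, as an added example that is not part of the original post: it does a longest-prefix match over the internal host's (or its gateway's) routing table to see where replies to the GlobalProtect client would be sent. The route tables, the firewall address 172.16.1.2 and the gateway 172.16.1.254 are constructed sample values; only 192.0.2.1 comes from the thread.

```python
import ipaddress

def next_hop(routes, dst):
    """Longest-prefix match: return (network, next_hop) for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best

def return_path(routes, client_ip, firewall_ip, snat_ip=None):
    """Classify where replies to a GlobalProtect client will be sent.

    With source NAT the server replies to snat_ip, otherwise to the pool IP.
    """
    reply_to = snat_ip or client_ip
    match = next_hop(routes, reply_to)
    if match is None:
        return "no-route"            # reply is dropped at the server/router
    _, hop = match
    if hop == "connected":
        # Delivered by ARP on the local segment instead of being routed.
        return "ok" if reply_to == firewall_ip else "on-link"
    if hop == firewall_ip:
        return "ok"                  # reply is handed back to the firewall
    return "wrong-next-hop"          # reply leaves via another gateway

# Constructed sample data (assumptions, not taken from the thread).
FIREWALL_IP = "172.16.1.2"           # firewall's internal interface
ROUTES_BROKEN = [
    ("172.16.1.0/24", "connected"),
    ("0.0.0.0/0", "172.16.1.254"),   # default gateway is not the firewall
]
# Same table plus a route for the GlobalProtect pool via the firewall.
ROUTES_FIXED = ROUTES_BROKEN + [("192.0.2.0/24", FIREWALL_IP)]

if __name__ == "__main__":
    for name, table in (("broken", ROUTES_BROKEN), ("fixed", ROUTES_FIXED)):
        print(name, return_path(table, "192.0.2.1", FIREWALL_IP))
    # Source NAT to the firewall's own interface address avoids the pool route.
    print("snat", return_path(ROUTES_BROKEN, "192.0.2.1", FIREWALL_IP,
                              snat_ip=FIREWALL_IP))
```

A "wrong-next-hop" result matches the symptom of c2s packets with no s2c responses in the session details.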