GlobalProtect Client reports Gateway XYZ: Server Certificate Verification Failed was a routing issue

Reply
Highlighted
L4 Transporter

GlobalProtect Client reports Gateway XYZ: Server Certificate Verification Failed was a routing issue

Symptoms:

In my case I was using auto discovery and my client would connect to my domestic VPN gateway from a guest network. It would not however connect to Asia or European gateways manually. The message "Gateway Asia: Server certifiate verification failed" was displayed to the client.

 

Cause:

The problem turned out to be the public IP address the client was coming from was on a route over the LAN interface of the Asia and European GP Gateways.

 

 

In this case a certificate error wasn't anything to do with the certificate and everything to do with the ROUTING to "verify" the certificate.

 

Resolution options:

I added a static route on the GP gateway to override the OSPF route it was learning. This obviously could also be resolved on the OSPF side of things as well.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!