This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

GlobalProtect commit fail on PAN-OS 7.0

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

GlobalProtect commit fail on PAN-OS 7.0

Dent
L1 Bithead

‎07-09-2015 03:54 AM

help me please.

config ip pool for client access but commit fail

commit log message

Operation Commit
Result Failed

Detailsmissing ip pool from both dynamic ip pool and authentication server ip pool for config 'default' in gateway GP-Gateway (tunnel GP-Gateway-N)

(Module: rasmgr)

Commit failed

rasmgr log message


2015-07-10 17:52:29.746 +0700 rasmgr: rasmgr phase 1 started, config size 11700

2015-07-10 17:52:29.746 +0700 rasmgr: rasmgr phase 1 step 1 finished

2015-07-10 17:52:29.747 +0700 GP-Gateway-N

2015-07-10 17:52:29.747 +0700 Tunnel GW configuration:

2015-07-10 17:52:29.747 +0700   Tunnel Interface:tunnel.1

2015-07-10 17:52:29.747 +0700   Tunnel IP: 0.0.0.0

2015-07-10 17:52:29.747 +0700   DNS1: 0.0.0.0

2015-07-10 17:52:29.747 +0700   DNS2: 0.0.0.0

2015-07-10 17:52:29.747 +0700   DNS Suffix: tfg.co.th

2015-07-10 17:52:29.747 +0700   Egress Interface:ethernet1/11

2015-07-10 17:52:29.747 +0700   Accept Published Routes:0

2015-07-10 17:52:29.747 +0700   Anti-Replay:1

2015-07-10 17:52:29.747 +0700   Copy-TOS:0

2015-07-10 17:52:29.747 +0700   NATT enable:0

2015-07-10 17:52:29.747 +0700   Valid Networks:

2015-07-10 17:52:29.747 +0700   Tunnel Monitor:

2015-07-10 17:52:29.747 +0700     Action:0

2015-07-10 17:52:29.747 +0700     Interval:0

2015-07-10 17:52:29.747 +0700     Threshold:0

2015-07-10 17:52:29.747 +0700     Enable:0

2015-07-10 17:52:29.747 +0700     Src IP: 0.0.0.0

2015-07-10 17:52:29.747 +0700     Dest IP: 0.0.0.0

2015-07-10 17:52:29.747 +0700   IPSEc Crypto Profile:

2015-07-10 17:52:29.747 +0700     Lifetime:0

2015-07-10 17:52:29.747 +0700     Lifetime unit:0

2015-07-10 17:52:29.747 +0700     Lifetime secs:0

2015-07-10 17:52:29.747 +0700     Lifesize:0

2015-07-10 17:52:29.747 +0700     Lifesize unit:0

2015-07-10 17:52:29.747 +0700     Lifesize bytes:0

2015-07-10 17:52:29.747 +0700     DHGroup:

2015-07-10 17:52:29.747 +0700     Encr:

2015-07-10 17:52:29.747 +0700       aes-128-cbc

2015-07-10 17:52:29.747 +0700     Auth:

2015-07-10 17:52:29.747 +0700       sha1

2015-07-10 17:52:29.747 +0700 config 'conf1'

2015-07-10 17:52:29.747 +0700 string(any); transformed string(any)

2015-07-10 17:52:29.747 +0700 string(any); transformed string(any)

2015-07-10 17:52:29.747 +0700 config '(null)'

2015-07-10 17:52:29.747 +0700 string(any); transformed string(any)

2015-07-10 17:52:29.747 +0700 string(any); transformed string(any)

2015-07-10 17:52:29.748 +0700 Error:  sslvpn_parse_user_configs_ip_pool_exist(src/rasmgr_parse.c:1807): missing ip pool from both dynamic ip pool and authentication server ip pool for config 'default' in gateway GP-Gateway (tunnel GP-Gateway-N)

2015-07-10 17:52:29.748 +0700 rasmgr: rasmgr phase 1 step 2 finished

2015-07-10 17:52:29.748 +0700 rasmgr: rasmgr phase 1 finished with status -1

2015-07-10 17:52:33.299 +0700 rasmgr: marking phase 1 aborted

2015-07-10 17:52:33.304 +0700 Error:  cfgagent_modify_callback(pan_cfgagent.c:83): Modify string (sw.mgmt.runtime.clients.rasmgr.err) error: USER (1)

Labels:
0 Likes Likes
5 REPLIES 5

VinceM
L5 Sessionator

‎07-09-2015 05:08 AM

Hi,

Can you check under GloblaProtect/Gateways/Client Configuration/Network settings, in your default profile and in Network Settings.

You should have IP Pool configured with range like 10.1.1.1-10.1.1.10.

If you check the "Retrieve Framed-IP-Address attribute from authentication server" the aim is to delegate IP config for VPN user to internal DHCP server. Do you use it ?

Does your config is ok ?


V.

0 Likes Likes

Dent
L1 Bithead
In response to VinceM

‎07-09-2015 09:10 PM

Hi,

     under GloblaProtect/Gateways/Client Configuration/Network settings I config follow a image.

I try config ip pool to network range or network subnet. but it commit fail every.

T_T

0 Likes Likes

bmorris1
L4 Transporter
In response to Dent

‎07-14-2015 04:35 PM

Hi Dent,

Can you try this:

Check the 'Retrieve-Framed-IP-Address attribute from authentication server' box. This will then allow you to edit the authentication server IP pool. Delete the 192.168.168.0/24 pool that you have configured.

Then deselect the 'Retrieve-Framed-IP-Address attribute from authentication server' box and try committing again.

Let me know if this helps at all.

thanks,

Ben

kunal_19
L1 Bithead

‎06-16-2017 10:20 PM

I was searching the internet and found this post in Live community.

I too am getting the same error while configuring global protect. Any solution ???? 

0 Likes Likes

BPry
Cyber Elite
Cyber Elite
In response to kunal_19

‎06-19-2017 08:07 AM

@kunal_19,

Can you share your software version that you have on your firewall along with a screenshot of your network settings tab under client settings on the agent tab on the gateway configuration screen. 

0 Likes Likes
  • 5137 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks