Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
07-09-2015 03:54 AM
help me please.
config ip pool for client access but commit fail
commit log message
| Operation | Commit |
| Result | Failed |
Detailsmissing ip pool from both dynamic ip pool and authentication server ip pool for config 'default' in gateway GP-Gateway (tunnel GP-Gateway-N) (Module: rasmgr) Commit failed | |
rasmgr log message
2015-07-10 17:52:29.746 +0700 rasmgr: rasmgr phase 1 started, config size 11700
2015-07-10 17:52:29.746 +0700 rasmgr: rasmgr phase 1 step 1 finished
2015-07-10 17:52:29.747 +0700 GP-Gateway-N
2015-07-10 17:52:29.747 +0700 Tunnel GW configuration:
2015-07-10 17:52:29.747 +0700 Tunnel Interface:tunnel.1
2015-07-10 17:52:29.747 +0700 Tunnel IP: 0.0.0.0
2015-07-10 17:52:29.747 +0700 DNS1: 0.0.0.0
2015-07-10 17:52:29.747 +0700 DNS2: 0.0.0.0
2015-07-10 17:52:29.747 +0700 DNS Suffix: tfg.co.th
2015-07-10 17:52:29.747 +0700 Egress Interface:ethernet1/11
2015-07-10 17:52:29.747 +0700 Accept Published Routes:0
2015-07-10 17:52:29.747 +0700 Anti-Replay:1
2015-07-10 17:52:29.747 +0700 Copy-TOS:0
2015-07-10 17:52:29.747 +0700 NATT enable:0
2015-07-10 17:52:29.747 +0700 Valid Networks:
2015-07-10 17:52:29.747 +0700 Tunnel Monitor:
2015-07-10 17:52:29.747 +0700 Action:0
2015-07-10 17:52:29.747 +0700 Interval:0
2015-07-10 17:52:29.747 +0700 Threshold:0
2015-07-10 17:52:29.747 +0700 Enable:0
2015-07-10 17:52:29.747 +0700 Src IP: 0.0.0.0
2015-07-10 17:52:29.747 +0700 Dest IP: 0.0.0.0
2015-07-10 17:52:29.747 +0700 IPSEc Crypto Profile:
2015-07-10 17:52:29.747 +0700 Lifetime:0
2015-07-10 17:52:29.747 +0700 Lifetime unit:0
2015-07-10 17:52:29.747 +0700 Lifetime secs:0
2015-07-10 17:52:29.747 +0700 Lifesize:0
2015-07-10 17:52:29.747 +0700 Lifesize unit:0
2015-07-10 17:52:29.747 +0700 Lifesize bytes:0
2015-07-10 17:52:29.747 +0700 DHGroup:
2015-07-10 17:52:29.747 +0700 Encr:
2015-07-10 17:52:29.747 +0700 aes-128-cbc
2015-07-10 17:52:29.747 +0700 Auth:
2015-07-10 17:52:29.747 +0700 sha1
2015-07-10 17:52:29.747 +0700 config 'conf1'
2015-07-10 17:52:29.747 +0700 string(any); transformed string(any)
2015-07-10 17:52:29.747 +0700 string(any); transformed string(any)
2015-07-10 17:52:29.747 +0700 config '(null)'
2015-07-10 17:52:29.747 +0700 string(any); transformed string(any)
2015-07-10 17:52:29.747 +0700 string(any); transformed string(any)
2015-07-10 17:52:29.748 +0700 Error: sslvpn_parse_user_configs_ip_pool_exist(src/rasmgr_parse.c:1807): missing ip pool from both dynamic ip pool and authentication server ip pool for config 'default' in gateway GP-Gateway (tunnel GP-Gateway-N)
2015-07-10 17:52:29.748 +0700 rasmgr: rasmgr phase 1 step 2 finished
2015-07-10 17:52:29.748 +0700 rasmgr: rasmgr phase 1 finished with status -1
2015-07-10 17:52:33.299 +0700 rasmgr: marking phase 1 aborted
2015-07-10 17:52:33.304 +0700 Error: cfgagent_modify_callback(pan_cfgagent.c:83): Modify string (sw.mgmt.runtime.clients.rasmgr.err) error: USER (1)
07-09-2015 05:08 AM
Hi,
Can you check under GloblaProtect/Gateways/Client Configuration/Network settings, in your default profile and in Network Settings.
You should have IP Pool configured with range like 10.1.1.1-10.1.1.10.
If you check the "Retrieve Framed-IP-Address attribute from authentication server" the aim is to delegate IP config for VPN user to internal DHCP server. Do you use it ?
Does your config is ok ?
V.
07-09-2015 09:10 PM
Hi,
under GloblaProtect/Gateways/Client Configuration/Network settings I config follow a image.
I try config ip pool to network range or network subnet. but it commit fail every.
T_T
07-14-2015 04:35 PM
Hi Dent,
Can you try this:
Check the 'Retrieve-Framed-IP-Address attribute from authentication server' box. This will then allow you to edit the authentication server IP pool. Delete the 192.168.168.0/24 pool that you have configured.
Then deselect the 'Retrieve-Framed-IP-Address attribute from authentication server' box and try committing again.
Let me know if this helps at all.
thanks,
Ben
06-19-2017 08:07 AM
Can you share your software version that you have on your firewall along with a screenshot of your network settings tab under client settings on the agent tab on the gateway configuration screen.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
