I recently upgraded my PA 5050 to 7.1.9. Before that users could connect to the VPN could connect via their native VPN client on their android phones and today I got a call saying one user no longer could and it was failing on the encryption. Any ideas?
TAC found the answer to the issue is that with the upgrade to 7.1 there is a capital A under the portal/client authentication OS Any in the GUI and it was a lower case a in the 7.0 version. Once matched that up to what he saw in the command line it started working again with the native client
Here it the resolution from the TAC case
We found errors for the invalid proposal from the client and it was due to changes in Global Protect fields post the upgrade of PAN OS 7.1 (Bug 94883)
>> Checked the configuration on the firewall for the Global Protect and found OS field contain value "any" instead of "Any" was the root cause of connectivity issue using the Native Client.
# set global-protect global-protect-gateway <gateway_name> client-auth <client_auth_name> os Any
>> Post the above changes for the OS field the native clients were able to connect to the Global Protect Gateway and we have verified the connectivity
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!