Native VPN client on android phone

cancel
Showing results for 
Search instead for 
Did you mean: 

Native VPN client on android phone

L4 Transporter

I recently upgraded my PA 5050 to 7.1.9. Before that users could connect to the VPN could connect via their native VPN client on their android phones and today I got a call saying one user no longer could and it was failing on the encryption. Any ideas?

1 ACCEPTED SOLUTION

Accepted Solutions

Here it the resolution from the TAC case

 

We found errors for the invalid proposal from the client and it was due to changes in Global Protect fields post the upgrade of PAN OS 7.1 (Bug 94883)

>> Checked the configuration on the firewall for the Global Protect and found OS field contain value "any" instead of "Any" was the root cause of connectivity issue using the Native Client.

> configure
# set global-protect global-protect-gateway <gateway_name> client-auth <client_auth_name> os Any
# commit

>> Post the above changes for the OS field the native clients were able to connect to the Global Protect Gateway and we have verified the connectivity

View solution in original post

28 REPLIES 28

Cyber Elite
Cyber Elite

@jdprovine,

My initial reaction would be to verify that your x-auth setting didn't get reset to default and verify that they are using the proper group name and group password. It could be that the x-auth setting got modified back to it's default state or that their phone is simply misconfigured, since it specifically failed on encryption I would really be looking at verifying that the group name/password match what is actually on the firewall. 

@BPry

I checked and x-auth is enabled

If it had changed wouldn't it have affected pc native clients too

What about skip x-auth on ike rekey would that cause it to fail? and would it cause it to fail on pc native clients and phone clients

@jdprovine,

If you are utilizing the PC's native client then yes. At that point I'm guessing it's something on the users phone if you have native clients connecting elsewhere; I would ask them to clear everything out and follow your setup instructions again, they could have inavertably modified something without realizing it. Another question to ask with an native client is if there device has updated recently, the OEM could have changed something on there end that the PA doesn't like. 

@BPry

Thing is its a not a regular user but a networking guy LOL. So it probably doesn't have anything to do with the upgrade to the new OS of 7.1.9 on the PA

@jdprovine,

I would say with 98% certainty that this has nothing to do with the update to 7.1.9 if you are having clients utilizing native clients currently without any issue. 

@BPry

Yes that was my thoughts as well since the release notes never mentioned any changed to the GP


@jdprovine wrote:

@BPry

I checked and x-auth is enabled

If it had changed wouldn't it have affected pc native clients too


Off topic: what OS do the computers have where you are using the native client?

@vsys_remo @BPry

For now I only have reports of issues with the native clients on an Iphone and an android phones no word about pc's yet

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!