- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
08-28-2018 07:08 AM
Supporting VPN for people is a challenge no matter what VPN you are using but people never consider the reliabilty of their own ISP provider as part of that issue. So what is the best way to rule out the users ISP as the problem and not the globalprotect client/VPN access? But to be fair I do not want to rule that out either . This my users complaint :
We have been having an issue with the Global Protect client dropping us seemingly randomly when are connected. Sometimes we are remoted into local machines working in Clarion and/or Sybase. Other times we are remoted into our local machine and are dropped. The message we get sometimes is Global Protect is trying to reconnect and will do so in x amount of seconds. A user has been working from home this last hour and is having issues with this. We do need assistance as sometimes it is critical for us to remain connected to respond to an immediate issue. Could you please provide assistance?
08-30-2018 06:56 AM
@jdprovine wrote:
Set to panservice not panagent?
both 🙂
08-30-2018 06:58 AM
So I have to run it twice? Because it seems to be an either or selection on the client
08-30-2018 07:19 AM
it's 2 processes you can separately run different log levels on, so you set log level for one and then the other 😉
08-30-2018 07:34 AM
I had a TAC case open for this and they just called me back, they said to run pangpservice in debug mode and start. Then highlight the logs collected and paste into notepad and then upload to the case. The said I did not have to run as pangpclient but I trust your advice more reaper
08-30-2018 07:43 AM
no ones ever died from too many logs .... i think 😉
08-30-2018 07:58 AM
Indeed! TAC is starting to go downhill
08-31-2018 05:53 AM
Collected the client off the logs and what do you know when the user came down everything worked as it should and I have convinced to contact there ISP and check out their home wireless
10-18-2018 04:02 PM
As with you all, I am experiencing user complaints about VPN connectivity and reliabilty.
One thing I have found today with one of the GP users is using what I'll call ISP C. Our company has two ISP's I'll call them ISP A and ISP B. A traceroute from either side shows traffic going to the client traversing over ISP A from the GP Gateway to reach ISP C. However, a traceroute from ISP C reveals it is traversing a path over ISP B to reach the VPN Gateway. I'm not sure if that has something to do with it or not just yet. It has been at least for this user, a problem more recently with things starting in September.
To add to it, I had a conversation with another engineer in the area at a reseller. He mentioned that he is having an issue at a client site with VPN users dropping randomly as well. They are using Cisco AnyConnect but the interresting thing is they share the same ISP C that our client is using. Not only that, but it is something that started occuring in the same timeframe as our client. These clients should have only one AS hop between their AS and our AS. I haven't confirmed the other path.
So, don't discount the idea that problems could just be ISP related. If anyone has any comments on asynchronous ISP paths using BGP please reply. I'd enjoy hearing them.
10-19-2018 05:50 AM
Absolutely, I find that 9.5 times out of 10 the issue is related to a wonky ISP connection, but its hard to get the user to believe that. They repeatedly come back to be,even when I have logs saying its not the VPN client, to get me to fix it for them. Frequently I advise them to contact their ISP, some do some don't, those who have contacted the ISP got resolution those who didn't got noe resolution. 🙂
10-22-2018 10:26 AM
In my most recent case, the user finally contacted the ISP.
Their VPN client was dropping every hour. ISP had them reboot their cable modem/router combo and it has been fine ever since.
10-22-2018 12:59 PM
Yup like I said 9.5 times out of 10 its wonky ISP connection - good luck 😉
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!