Is it possible to configure remote vpn client access without a Global Protect Gateway license? It seems that remote client vpn configuration depends on HIP Objects/ Profiles, which in-turn requires Global Protect licensing. Is there a way to configure ip-sec for remote client access? The ip-sec/ ike configuration options seem relevant to site-to-site vpn, but not remote client access. Thanks in advance for any guidance and/ or configuration examples.
What do you mean by"remote vpn client access" ?You mean vpn with Host Check ? or just ssl vpn ?
HIP license is just for Host check and you need Global Protect Portal and GW license.If you need just ssl vpn you do not need a license.
The documentation seems to provide the answer I was looking for via the table regarding license requirements on page 3. It looks like a portal license and/ or a gateway subscription is required for HIP (host check) support. I am looking to provide vpn access to remote end users with laptops and iOS devices. Are you saying I can provide SSL VPN to these clients without host check (HIP) without additional licensing?
yes you can provide ssl vpn access without license.HIP is not mandatory.Also You can use Xauth for IOS devices.That also without license.But if you want to use appstore Global protect software you need GW license.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!