09-09-2013 06:13 AM
hi
Are there any good alternatives out there for connecting Linux and Android clients to global connect\PA native IPsec VPN?
And I DO NOT mean that native Cisco is OK; the encryption used here has been broken for several years, and it is not designed for either Linux or Android, and in many cases it does not function well.
09-09-2013 09:35 AM
Yes, this seems very strange to me as well. Linux is an important part of many backbone and end-user OS systems (I have been told that PA is built on the CentOS Linux distr, for example) and there are estimates ranging between 25 and 50 mil Linux users worldwide. For Android I have seen estimates ranging from 40 - 60% of the global smartphone market, which is double the number of iPhone users, yet there is an iPhone client from PA.
To me it just does not make sense. I have seen in several discussions here that these clients have been placed on the roadmap for PA development, but not for long yet it seems..
Is Palo Alto really satisfied with leaving this many users without a good and supported native solution?
09-09-2013 02:56 PM
So are people successfully using the cisco anyconnect client for remote linux desktop laptop Cisco AnyConnect VPN Client Administrator Guide, Version 2.0 - Common AnyConnect VPN Client Installa... ?
I'm thinking of testing it for Mac and windows as well. I have been disappointed with the inability to easily prevent the GP agent from running at startup on Mac and windows... and the inability to make the agent process quit.
09-09-2013 03:06 PM
You can connect a linux client (using vpnc) to GlobalProtect as long as you've enabled tunnel mode and allow x-auth.
For Android, if you have purchased the portal license you can use the native Android GlobalProtect client (I use it myself on my Galaxy S3). Even if you don't have the license you can use the native VPN function on Android and iOS, as long as you have it set up with x-auth as above.
If you do have the paid license, you can find the app in the Play Store: https://play.google.com/store/apps/details?id=com.paloaltonetworks.globalprotect
iOS version is here: https://itunes.apple.com/us/app/globalprotect/id592489989?mt=8
Here's a doc talking about how to enable x-auth and get vpnc to connect:
using vpnc with Palo Alto 4.1 IPSEC/Xauth
Hope this helps!
Greg
edit: had the wrong link to the discussion before - sorry about that!
09-10-2013 12:12 PM
Greg... this is good. I have been able to easily get linux, ios and Mac OSX to connect using tunnel mode and Xauth. Native clients!!
Now Windows is the sticking point. Any ideas on how to avoid having to install the PA GP client on Windows? We are experimenting with Windows settings in the native client, with no luck so far.
09-10-2013 01:18 PM
Hmm. Apparently it will be difficult if not impossible to get the Windows native client to play nice with IPsec / Xauth (especially with PSK). This Juniper tech note explains..
Juniper Networks - NCP Secure Client – Juniper Edition (IPsec client) FAQ - Knowledge Base
09-14-2013 11:57 AM
Hi,
Yes, I have also found another app, vpncilla, that connects fine, and I think it is sad that their Android client is restricted to portal license users. A lot of users, like my company, use Global Protect without having or needing the rather expensive portal license.
And nothing good for Linux, which is my main problem. Native Cisco with x-auth does not work so well, and it uses broken security encryption.
Besides, Palo Alto does not support this, saying it's not their native solution like the Global Protect client for Windows or iOS.
Like I said, it has been on their roadmap for years and I am surprised that we haven't seen it yet.