VPN disconnect part II


L4 Transporter

So, other than the timeout settings for the GP client, is there a limit set somewhere that tells it to disconnect a client for dropped, insufficient or any other packet settings?


Cyber Elite

So I'm assuming that this is a continuation of the last issue, and so have followed the same troubleshooting path. If that's not the case this could easily be wrong.

A few things I can think of.

1) Max User setting is enabled. (Gateways > Gateway > Agent > Tunnel Settings)

2) The user is dropping enough packets that the tunnel is collapsing. (On a GP Client this is less of an issue, with XAuth and built-in VPN clients I'm not so sure.) 

3) The user really isn't testing much and just wants it fixed, so he's telling you what you would want to hear. If you can't duplicate the issue off his home network, I would be suspicious that he's actually testing much.

@BPry

More like a nightmare :P. I have two other users (co-workers) that are having issues getting booted out, but they are also remoting to their desktops via VPN from home.

 

1. max user is not set

2. We have x-auth enabled Gateway\agent\tunnel setting Enable X-auth support is selected

3. The user (co-worker) is not doing all the things I have requested, he won't try to connect to the portal via a web browser to make sure it is up, he has not done wireshark from home. I cannot replicate the issue with his laptop, on a cable modem here at work.

 

I think the wireshark is the only thing that would tell us about the packet drops, run from his home of course. I have also offered to run a packet capture on the PA when he is trying to connect from home, but that won't help if he never makes it to the AP

 

 

There was a co-worker from.... oh wrong post....

 

Hi @jdprovine.

I can't see how this can be due to any tunnel or session timeouts, not sure what they are called....

because in your previous post you mentioned that on the PA you noticed an existing user session being disconnected.

 

this would not be the case if the PA disconnected the tunnel itself.

nor would you see this if the client disconnected gracefully..

 

wireshark will not deffo be the answer but may show what is going on.

 

you said that the users client was showing as disconnected when this happened so the reason for this disconnection must be in the pangps client logs somewhere...

 

you have posted log entries but not all, mostly for reconnection attempts, 

could you not ask the user to tell you what time this occurred and look at the logs up to when this happened.

 

Happy to trawl through the logs myself but not sure how you can get them to me..

 

Mick.

@Mick_Ball

Now I can't get him to do the Wireshark, he says it's too much information and his issue is sporadic. Which logs are you referring to?

From the client device...

 

pangps.log

 

 

Hello,

I would also peek at the time limit settings.

 


 

However the sporadic/intermittent ones are the worst to work with.

 

@OtakarKlier

This user doesn't hit the limits, his connection is intermittent right at the start.

Yeah that bites...hard to test a solution like that :(.

@Mick_Ball

 

More than I gave you, I presume. I downloaded the tech support file but I haven't found anything obvious yet, and I have been looking through the sslvpn_ngx_error.log, not sure if that is the one I should look at or not.

Sorry @jdprovine, not sure what you are saying....

@Mick_Ball

In the previous threads I gave you a snippet of the pangp.log from the GlobalProtect client, but I assume there wasn't enough information in it to make any determination, so I assume you want more of that log to look at. There is another log you can get if you download and open the tech support file, which is sslvpn_ngx_error.log.

 

Yes the pangp log that you sent a snippet of... it would be great to see the whole file but not sure if you can send it....

 

Edit: or if you're prepared to post it....

@Mick_Ball @OtakarKlier @BPry @reaper

 

My coworker is supposed to bring in some packet traces for me to review today, so hopefully we can see something. But I am also seeing on the firewall that he is getting in, and on the server he is accessing he is getting a tcp reset from server. To me, again, that points toward his ISP; correct me if I am not correct.

well yes it's pointing that way... the TCP RST (Reset) will be sent if the conversation is idle for an extended period of time...

 

did your co-worker state that he/she was disconnected at that particular time? or did you just happen to see it...

 

 
