We are migrating from Cisco any connect to Global protect. From our cisco any connect all SAP applications from Juniper Pulse VPN are working. However when we connect on Global protect all SAP applications are working except https://sap-portal.juniper.net. The policies are allowed correct and all routes are correct, split tunnels also are set correctly and NAT.
We check the monitor and we verified that routes are correct its just weird that specific route is not seen by our PA
Have you encounter this issue? Any suggestion would greatly appreciated.
Yes it resolves the address of that URL when I do a NS look up. So just to give you a back ground. Our users from KUL site are using Pulse Secure VPN and Cisco any connect simultaneously and on any connect they can access all the SAP portals. Since we are migrating from any connect to GP we tried to have them to connect on GP and access all the SAP APP and everything works except https://sap-portal.juniper.net , the routes are correct, policies are allowed, split tunnel permits the 10/8 address because that portal uses a 10.x.x.x.x network
OK, Can you try put exactly network of the portal ? for example ? 10.1.1.100/32.
And then in th GP client check the routes to verified if the route is charging in the routes GP.
In 6.X Gp you can chek in Tshiit, advanced and routing table.
Try put in the split route, exactly route ( example: 10.1.1.100/32 ), logoff login from gp VPN an then test and check Log monitor, filter source your IP GP.
Try to do a ping a tracert from Client use GP to check if the route is going to another site, device or is looping in a parte of your network.
The 10.x.x.x.x/8 is include on split tunnel and the address of that https://sap-portal.juniper.net which is 10.x.x.x.x so technically it should be added. We had same issue with OKI site but we are able to fix it by adding host file for DNS. We already did it for KUL users and it seems that single SAP portal is not working, I have the user to connect on OKI VPN instead since they are configured the same way but still the user wsan't been able to access the SAP portal
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!