05-02-2023 05:48 AM
Hi,
The issue i'm encountering is related to one our vpn client(server) which cannot use directly a S2S connection and must use a P2S connection that is always activated at all time.
We want from one of our virtual machine in azure to access this server through the S2S vpn and then through the global protect to reach the server at the end.
Our achitecture is currently with a virtual machine set up with a point to site connection to our onpremise datacenter and a site to site vpn to azure(virtual network gateway).
Unfortunately, even after creating static routes i see the traffic is allowed through our security policies but always end with an aged-out message and no connectivity between the vpn client and the azure network is established.
Does someone know if that setup is supported with static routes configured or do we need to use another way of routing our traffic with bgp for exemple ?
Thanks in advance for all your help or advices.
Cordially,
Alexis DINET
OHC
05-04-2023 02:59 PM
Hello,
Check the logs and see if the PAN is seeing applications or if it just says 'incomplete'. If it says incomplete, there is a routing issue as the PAN has not seen enough packets to make an application determination (this is what I have seen as the most common reason for this). Perhaps its asymetric routing?
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
