Global protect vpn traffic to azure site to site vpn not working as expected

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Global protect vpn traffic to azure site to site vpn not working as expected

L0 Member

Hi,

 

The issue i'm encountering is related to one our vpn client(server) which cannot use directly a S2S connection and must use a P2S connection that is always activated at all time.

We want from one of our virtual machine in azure to access this server through the S2S vpn and then through the global protect to reach the server at the end.

Our achitecture is currently with a virtual machine set up with  a point to site connection to our onpremise datacenter and a site to site vpn to azure(virtual network gateway).

Unfortunately, even after creating static routes i see the traffic is allowed through our security policies but always end with an aged-out message and no connectivity between the vpn client and the azure network is established.

 

Does someone know if that setup is supported with static routes configured or do we need to use another way of routing our traffic with bgp for exemple ?

 

Thanks in advance for all your help or advices.

 

Cordially,

Alexis DINET

OHC

1 REPLY 1

Cyber Elite
Cyber Elite

Hello,

Check the logs and see if the PAN is seeing applications or if it just says 'incomplete'. If it says incomplete, there is a routing issue as the PAN has not seen enough packets to make an application determination (this is what I have seen as the most common reason for this). Perhaps its asymetric routing?

Regards,

  • 1223 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!