Routing client vpn over site to site tunnel

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Routing client vpn over site to site tunnel

L0 Member

Hello everyone, I’m new to palo alto and I have the following problematic that I couldn’t solve.

I have PA Firewall in my local site and it’s configured to allow site to site connection to a remote branch which works perfectly. In addition, I’ve set up client to site (to local site) connection and it works perfectly, I can reach all the resources in my local network. (The document attached is a summary for the environment).

However, I can’t reach the remote site from the client vpn. I tried adding some routing rules but honestly, I can’t tell what the issue could be.

Please let me know if you have any thoughts or guidelines to follow.

Thank you.

 



Please note you are posting a public message where community members and experts can provide assistance. Sharing private information such as serial numbers or company information is not recommended.
1 REPLY 1

L3 Networker

Hi @John19 

 

Check the following things and it may help:

1. Is the return route added on the Remote Site VPN end for your Client VPN IP subnet range 

2. Is your GP VPN configured in Split/Full tunnel mode. If split tunnel add the remote IP address range on the include route on the GP config

3. Check whether the security policies are in place and also if any proxy id configured add the client IP range also on the IPSec tunnel

  • 957 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!