08-15-2017 05:27 AM - edited 08-15-2017 05:30 AM
Hi All,
Can someone provide a configuration example for Clientless VPN access through the GP portal...
I already used the configuration steps explained on this page, but it seems that they did not help in my case. I'm able to authenticate and open the portal landing page with the published app, but there is no response from it. I'm pretty sure that all configuration steps are by the book, but I'm not sure about step 10, where I have to create security rules... In my opinion it is a bit gray and confusing how exactly the policies have to be created.
If someone has this operational, it would be very appreciated if you could share the configuration with us...
P.S. I used the troubleshooting procedure provided here, and after generating logs and pcaps, the only strange thing I can find is:
Cannot de-NAT v4 packet, no port match
== 2017-08-15 10:49:11.393 +0200 ==
Packet received at ingress stage, tag 262143, type ORDERED
Packet info: len 91 port 16 interface 256 vsys 1
wqe index 229186 packet 0x0x800000041da465c2, HA: 0
Packet decoded dump:
L2: 00:1b:17:4c:8f:10->00:70:76:69:66:00, type 0x0800
IP: 89.x.x.x (portal public IP)->10.x.x.x(dns internal) , protocol 17
version 4, ihl 5, tos 0x00, len 73,
id 44114, frag_off 0x4000, ttl 64, checksum 63738(0xf8fa)
UDP: sport 54788, dport 53,
It looks like the portal asks the internal DNS (DNS proxy) to resolve the published app URL, but hits this "de-NAT port not match" issue. It seems that the packet flow, after establishing the initial VPN connection to the portal, enforces the NAT policy stage....
PANOS 8.0.4