It does not look like the error is related to certs imo... It seems like the GP agent cannot connect to the GP gateway IP on E1/1 after authenticating to the portal on E1/4 - there is no asymmetrical routing issue here. Seems like a sensible config since the portal only pushes down settings to the GP client and then "quits". The GP agent then decides which gateway to connect to based on the settings pushed down from the portal. Thus there cannot be a asymmetrical route issue since the portal and gateway are not linked in anyway. As you mentioned, changing the portal from E1/4 to E1/1 causes it to fail as well. How about trying to setup the GP portal and gateway on E1/4 as a test?
... View more