UPDATE.. sourced from inside the networks attached to PANOS.. I can reach the VPN client. But the other way.. sourcing from PANGP client .. I can't get in. Which, a. means routing is fine b. I can see in a traceroute from PANGP client I get nothing from next hop of gateway.. and the 'Access Routes' are working/inplace so I should get to the CIDR via the PANGP gateway address assigned..
... View more
The Gateway/Portal of my setup works fine. It's routing I think that's not working. I just want a client over GP to hit local networks off the PANOS. IP Pool and access routes that been defined, work just fine .. I can see client has been bestowed these when it connects.. What's the basic setup from a routing perspective ? - I set up a tunnel.## interface, and default vr, and assign the GP gateway to it - I add the tunnel.## to zone of 'untrust' - I add a static route under vr's (even though I read an article that routes are automatically added for this ? https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CluKCAS) where the IP pool assigned in the Client Config of Gateway is pointed to tunnel.##.. no next hop IP defined. - NAT perhaps is my issue ? I need an exempt ? Where source zone is trust and destination zone is untrust and destination interface is tunnel.## ? I did this.. still no go..
... View more