Hello, I was using 5.0.0 and had the problem with IE and Firefox. I even got a debug capture which only says <response status="success"><result><response status="error"><result>User could not be unlocked. Please check the authentication profile and/or the authentication sequence for this user.</result></response></result></response> I have done 2 things: upgraded to the last version and renamed a local group with the same name as the NetBIOS name of a Windows domain I was authenticating from. The problem disappeared. Sorry for disturbing. Have a nice day, Jean-Luc
Hello, I have a locked user I am unable to unlock. I can see him in the WebUI, but when I click on his name nothing happens. What else can I try? Regards, Jean-Luc
Hello, Here is the schema: Hope this can help understanding. I prefer to terminate the tunnel on the Cisco router because we have a vrf-lite configuration on it. And if we terminate the VPN on the Palo Alto, they will not be vrf-aware.
Hello, The PA-200 is just pass-through. And the problem is that the response is not correctly forwarded to the Cisco router. The IKE exchange gets stuck in the middle: from one side it says MM_NO_STATE and from the other MM_SA_SETUP. I will make a schema and post it. Could it be related to the two public links on the same physical interface? If absolutely necessary I can ask to have the two subinterfaces on two physical ones. Thanks for trying to help, Jean-Luc
Hello, I am trying to have a Cisco router establish an IPsec tunnel behind a Palo Alto firewall configured in L3 mode. The tunnel should be established on a secondary address on a subinterface. Eth 1 is public, with two subinterfaces, 1.666 and 1.667. The eth1.666 address is x.y.z.131/25 and I need the tunnel on x.y.z.132, so I do a NAT 1-1 rule with the bidirectional option. The source of the tunnel is 10.35.3.253 on eth2.500. The IKE exchange begins but stops in the middle. If I use x.y.z.131, no problem, it works. But I need the 131 address for other things. What should I do for the NAT 1-1 to accept the secondary address? Jean-Luc