Native VPN client on android phone

cancel
Showing results for 
Search instead for 
Did you mean: 

Native VPN client on android phone

L4 Transporter

I recently upgraded my PA 5050 to 7.1.9. Before that users could connect to the VPN could connect via their native VPN client on their android phones and today I got a call saying one user no longer could and it was failing on the encryption. Any ideas?

28 REPLIES 28

The issue is visible on 8.0.0 

l  am doing now an upgrade to my lab firewall to 8.0.2 . Will report back later

@TranceforLife

I wonder if it started with the 7.1 series, I am thinking it can't pass the pre-shared key corrected and do its phase 2 but not sure how that can be fixed

But again I cannot get the global protect client for mac does not work either

TAC found the answer to the issue is that with the upgrade to 7.1 there is a capital A under the portal/client authentication OS Any in the GUI and it was a lower case a in the 7.0 version. Once matched that up to what he saw in the command line it started working again with the native clientany.PNG

Hi,

 

Thanks for the update. I am still battling. Must be an issue with the configuration .....................

Here it the resolution from the TAC case

 

We found errors for the invalid proposal from the client and it was due to changes in Global Protect fields post the upgrade of PAN OS 7.1 (Bug 94883)

>> Checked the configuration on the firewall for the Global Protect and found OS field contain value "any" instead of "Any" was the root cause of connectivity issue using the Native Client.

> configure
# set global-protect global-protect-gateway <gateway_name> client-auth <client_auth_name> os Any
# commit

>> Post the above changes for the OS field the native clients were able to connect to the Global Protect Gateway and we have verified the connectivity

View solution in original post

@TranceforLife

I just posted the tac case resolution information

@jdprovine You made my day!

On the GUI l had "Any" so anyway decided to override the config specifying again "Any". Commit. Boom all good))

 

IOS.PNG

 

@TranceforLife

TAC came through for both of us

I can confirm that i was able to solve the same issue with PANOS 7.1.10.

In my case in the CLI there was "any" and "Any" available.

We choosed Upper Case (which is not available in the GUI) and the Clients were able to connect again.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!