GlobalProtect VPN internal networking conflict

Tags Palo-Alto

This article is helpful in resolving a specific GlobalProtect VPN connection failure.

When a remote user connects to the Dartmouth network with GlobalProtect, the computer will be assigned an IP address from the VPN gateway. It is possible that this IP address overlaps the subnet that the workstation is already in, which will cause a conflict.

For example: A remote employee is connecting from a hotel room where the IP address received locally is in the 10.0.0.0/8 range. The IP pool available for GlobalProtect clients is 10.229.0.0/16. This will cause issues since the client IP pool is part of the local subnet that the client is connecting from. When this happens an error is generated in GlobalProtect: "Assign Private IP address failed".

To work around this issue you can connect to a different network that is not using IP addresses that overlap with Dartmouth's internal networks.  Alternatively, if you need general Dartmouth network access but not access to a specific VPN group, you can change your VPN gateway to vpn-mobile.dartmouth.edu.  This will let you get an IP address that starts with 129.170.241.0/24 and is guaranteed to not overlap your local network's IP addressing.  After you are done, you should change your VPN gateway back to vpn.dartmouth.edu.

 

See Related Articles to the right for more information.

 

Still Need Help? Click here to fill out a ticket.

Details

Article ID: 74198
Created
Wed 3/20/19 4:20 PM
Modified
Mon 3/25/19 11:27 AM