Reset Search



KB44178 - End users are unable to access resources with Azure or AWS based Pulse Connect Secure appliances due to packets are dropped by virtual gateway

« Go Back


Last Modified Date9/14/2019 11:53 PM
This article describes an issue where end users are unable to access resources with Azure and AWS based Pulse Connect Secure appliances when the assigned VPN tunneling IP pool subnet is different than the internal interface.
Problem or Goal
When the end user connects to a resource, Azure and AWS virtual gateway will drop packets that are not belong to the same subnet within the configure VPC.
This issue occurs due to the assigned VPN Tunneling IP pool subnet does not match the internal port of the Pulse Connect Secure appliance.  Under this scenario, the virtual gateway will drop all packets that does not fall under the same subnet that is configured for the internal port for the virtual private cloud (VPC).
To resolve this issue, please upgrade to Pulse Connect Secure 9.1R1 and above.  Starting in 9.1R1 (for AWS and Azure instances only), Pulse Connect Secure has a configurable option to change the source IP address for all VPN tunneling traffic to the internal port.
  1. Login to admin web interface
  2. Navigate to System > Network > VPN Tunneling
  3. Enable Source NATTING
By default, Source NATTING is disabled.
Related Links
Attachment 1 
Created ByNick Christen



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255