LAB 7 IS3220 INFORMATION TECHNOLOGY INFRASTRUCTURE SECURITY
1522 Words | Sep 23, 2013 | 7 Pages
VPN connectivity troubleshooting checklist
1. Users can't access file servers
If the user can access the file server using an IP address but not a name, then the most likely reason for failure to connect is a name resolution problem. Name resolution can fail for NetBIOS or DNS host names. If the client operating system is NetBIOS dependent, the VPN clients should be assigned a WINS server address by the VPN server. If the client operating system uses DNS preferentially, VPN clients should be assigned an internal DNS server that can resolve internal network host names.
When using DNS to resolve internal network host names for VPN clients, make sure that these clients are able to correctly resolve unqualified fully qualified domain names…
L2TP/IPSec is more complex. Both the user and the user's machine must be able to authenticate with the VPN server. Machine authentication can use either a pre-shared key or a machine certificate. If you use pre-shared keys (not recommended for security reasons), check that the VPN client is configured to use the same pre-shared key as the server. If you use machine certificates, confirm that the VPN client machine has a machine certificate and that it also trusts the certificate authority that issued the VPN server's machine certificate.
6. Site-to-site VPNs connect but no traffic passes between the VPN gateways
When creating site-to-site VPN connections between Windows RRAS servers, you may find that the VPN connection seems to be established, but traffic does not move between the connected networks. Name resolution fails between the networks and hosts are unable to even ping hosts on the remote site network.
The most common reason for this failure is that both sides of the site-to-site network connection are on the same network ID. The solution is to change the IP addressing scheme on one or more networks so that all networks joined by the site-to-site VPN are on different network IDs.
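One way to check for the shared network ID problem described above before changing any addressing. This is an added example, not part of the original checklist; the site names and subnets are constructed, and it also flags the broader case where one site's subnet sits inside a larger subnet at another site.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory: site name -> subnets routed behind that VPN gateway.
SITES = {
    "hq": ["192.168.1.0/24", "10.10.0.0/16"],
    # Gateway interface address as an admin might record it; it is
    # normalized below to its network ID, 192.168.1.0/24 (same as hq).
    "branch-a": ["192.168.1.254/24"],
    # 10.10.20.0/24 is a different network ID but lies inside hq's 10.10.0.0/16.
    "branch-b": ["10.10.20.0/24", "172.16.5.0/24"],
    "branch-c": ["192.168.30.0/24"],
}


def find_conflicts(sites):
    """Return sorted (site_a, net_a, site_b, net_b) tuples for every pair of
    subnets at different sites that share address space."""
    parsed = [
        # strict=False turns a host address with a prefix into its network ID.
        (site, ipaddress.ip_network(cidr, strict=False))
        for site, cidrs in sites.items()
        for cidr in cidrs
    ]
    conflicts = []
    for (site_a, net_a), (site_b, net_b) in combinations(parsed, 2):
        if site_a == site_b:
            continue  # overlaps inside one site are not a site-to-site issue
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            conflicts.append((site_a, str(net_a), site_b, str(net_b)))
    return sorted(conflicts)


if __name__ == "__main__":
    found = find_conflicts(SITES)
    for site_a, net_a, site_b, net_b in found:
        print(f"CONFLICT: {site_a} {net_a} overlaps {site_b} {net_b}")
    if not found:
        print("No overlapping network IDs between sites.")
```

Every reported pair identifies a network that has to be renumbered on one side before traffic can route across the tunnel.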
7. Users can't establish IPSec tunnel mode connections from