Chapter 11: Troubleshooting Remote Access VPN Connections

Overview

There is no getting around it—with a technology as complex as a virtual private network (VPN) incorporating so many services and functions in one solution, you might need to do some troubleshooting to get it running. As described in Chapter 5, “Remote Access VPN Components and Design Points,” many separate components are involved in the creation of a remote access VPN connection, all of which must be correctly configured for connections to be successful. This chapter describes the set of troubleshooting tools provided with Microsoft Windows that you can use to gather information about connections, and then describes what to look for to correct the most common problems with remote access VPN connections. Because several components work together to make VPN happen (tunneling protocols, Internet Protocol Security [IPSec], public key infrastructure [PKI], Domain Name System [DNS], Windows Internet Name Service [WINS], Dynamic Host Configuration Protocol [DHCP], routing, and so forth), you will have to use several troubleshooting tools to capture the entire picture. The best way to handle VPN troubleshooting is to keep two ideas in mind:

• “Divide and conquer.” Isolate the services that are working properly so that you can drill down from there to the problem areas. Make sure to devise ways to test the separate components—for example, make sure DHCP is operating properly without VPN services running to ensure that the basic operations are working correctly. Using the “divide and conquer” methodology, you will have a much better experience troubleshooting the complex set of components that are VPNs.

• “This troubleshooting stuff really works!” Don’t get discouraged because of the complexity. If you take your time and work methodically, you will be very pleased with the results.