Summary


Implementing VPNs successfully across firewalls and to remote users can be a daunting task, and we have covered only two of the more common VPN types, IPsec and PPTP. When troubleshooting VPN problems, recall the methodology from previous chapters:

  1. Define the Problem: Fire up your sniffer and see what's going on before you do anything else. Is the traffic leaving the host? Is it getting to the VPN server? Is it getting back?

  2. Gather Facts: Did anything change? Did the client software or the server software get updated? Did firewall rules change? Did the topology between systems change?

  3. Define the End State: Now that you know what the symptoms and the facts are, what are you trying to accomplish? Is this a road warrior that needs to access his e-mail? Or is this a site-to-site problem? Define the problem you are going to solve before ripping apart your network trying to solve symptoms that are not important to the problem.

  4. Develop Possible Solutions and Create an Action Plan: You have determined that network topology has changed or that a new version of the client software has been installed. Come up with a plan to isolate the topology changes, perhaps by attempting the VPN connection from a location unaffected by the change, or collect older versions of the software.

  5. Analyze and Compare Possible Solutions: Which solution is going to rule out the most variables? Running the old software? Or trying from a different location? What is the level of effort required to implement this solution?

  6. Select and Implement the Solution: You determine trying the old software is the fastest method of ruling out the most problems, followed by attempting the connection from other locations.

  7. Critically Analyze Solution for Effectiveness: Fire up the sniffer again and try your connection. Did it work? If so, why, and can you apply this solution to solve the problem for everyone?

With these thoughts in mind, we hope that we have provided the granularity of solutions and methodology required to troubleshoot complex VPN problems. Keep in mind that this is a changing landscape of technology and implementations; the pace of development will often outpace the quality of the documentation. Knowing how to figure out the answer is just as important as knowing the answer to a problem.



    Troubleshooting Linux Firewalls
    ISBN: 321227239
    EAN: N/A
    Year: 2004
    Pages: 169