Troubleshooting – SnapGear 2.0.1 User Manual

Virtual Private Networking

147

Figure 9-25

The certificate names will be displayed under the appropriate certificate type. Clicking
the Delete button deletes the certificate from the CyberGuard SG appliance.

Troubleshooting

•

Symptom: IPSec is not running and is enabled.

Possible Cause: The CyberGuard SG appliance has not been assigned a default

gateway.

Solution: Ensure the CyberGuard SG appliance has a default gateway by
configuring the Internet connection on the Connect to Internet page or assigning a
default gateway on the IP Configuration page.

•

Symptom: Tunnel is always down even though IPSec is running and the tunnel is

enabled.

Possible Cause: The tunnel is using Manual Keying and the encryption and/or
authentication keys are incorrect.

The tunnel is using Manual Keying and the CyberGuard SG appliance's and/or
remote party's keys do not correspond to the Cipher and Hash specified.

Solution: Configure a correct set of encryption and/or authentication keys. Select
the appropriate Cipher and Hash that the key have been generated from, or change
the keys used to use the selected Cipher and Hash.

•

Symptom: Tunnel is always Negotiating Phase 1.

Possible Cause: The remote party does not have an Internet IP address (a No route
to host message is reported in the system log).

The remote party has IPSec disabled (a Connection refused message is reported in
the system log).