SnapGear 2.0.1 User Manual

Virtual Private Networking

Set up LMHOSTS files on remote hosts to resolve names to IP addresses.

Symptom: Tunnel comes up but the application does not work across the tunnel.

Possible cause: There may be a firewall device blocking IPSec packets.

The MTU of the IPSec interface may be too large.

The application uses broadcast packets to work.

Solution: Confirm that the problem is the VPN tunnel and not the application being
run. These are the steps you can try to find where the problem is (it is assumed that
a network to network VPN is being used):

Ping from your PC to the Internet IP address of the remote party (it is assumed that
the remote party is configured to accept incoming pings).

Ping from your PC to the LAN IP address of the remote party.

Ping from your PC to a PC on the LAN behind the remote party that the tunnel has
been configured to combine.

If you cannot ping the Internet IP address of the remote party, either the remote party
is not online or your computer does not have its default gateway as the CyberGuard
SG appliance. If you can ping the Internet IP address of the remote party but not the
LAN IP address, then the remote party's LAN IP address or its default gateway has
not been configured properly. Also check your network configuration for any devices
filtering IPSec packets (protocol 50) and whether your Internet Service Provider is
filtering IPSec packets. If you can ping the LAN IP address of the remote party but
not a host on the remote network, then either the local and/or remote subnets of the
tunnel settings have been misconfigured or the remote host does not have its default
gateway as the remote party.

If you can ping across the tunnel, then check if the MTU of the IPSec interface is
allowing packets to go through. Reduce the MTU if large packets are not being sent
through the tunnel.

If the application is still not working across the tunnel, then the problem is with the
application. Check that the application uses IP and does not use broadcast packets
since these will not be sent through the CyberGuard SG appliance. You should
contact the producer of the application for support.
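
The ping and MTU checks above can be run as one script from a Linux PC on the local LAN. This is an added example, not part of the SnapGear manual; it assumes iputils ping, and the function names, the PROBE hook and the file name in the usage line are illustrative.

```shell
#!/bin/sh
# Added example, not from the manual. Assumes Linux iputils ping (-c, -W, -M do).

# reachable ADDR: prints 1 if ADDR answers a ping, otherwise 0.
reachable() {
    if ping -c 3 -W 2 "$1" >/dev/null 2>&1; then echo 1; else echo 0; fi
}

# diagnose WAN_OK LAN_OK HOST_OK: maps the three ping results (1 = reply)
# to the cause the manual gives for the first step that fails.
diagnose() {
    if [ "$1" -ne 1 ]; then
        echo "remote party offline, or this PC's default gateway is not the SG appliance"
    elif [ "$2" -ne 1 ]; then
        echo "remote LAN IP or its default gateway misconfigured, or IPSec (protocol 50) is filtered"
    elif [ "$3" -ne 1 ]; then
        echo "tunnel local/remote subnets misconfigured, or remote host's default gateway is not the remote party"
    else
        echo "pings cross the tunnel: check the IPSec MTU next, then the application"
    fi
}

# probe_ping SIZE HOST: one ping with SIZE payload bytes and fragmentation prohibited.
probe_ping() { ping -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1; }

# largest_payload HOST: binary search for the largest payload that crosses
# unfragmented. PROBE (hypothetical hook) can replace probe_ping for testing.
largest_payload() {
    lo=0; hi=1472    # 1472 = 1500-byte Ethernet MTU - 20 (IPv4) - 8 (ICMP)
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "${PROBE:-probe_ping}" "$mid" "$1"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# Usage (hypothetical file name): sh vpncheck.sh REMOTE_INTERNET_IP REMOTE_LAN_IP REMOTE_LAN_HOST
if [ "$#" -eq 3 ]; then
    wan=$(reachable "$1"); lan=$(reachable "$2"); host=$(reachable "$3")
    diagnose "$wan" "$lan" "$host"
    if [ "$host" -eq 1 ]; then
        p=$(largest_payload "$3")
        echo "largest unfragmented payload to $3: $p bytes (path MTU about $(( p + 28 )))"
    fi
fi
```

If the reported path MTU is below the MTU configured on the IPSec interface, large packets are being dropped and the interface MTU should be reduced.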
