Brocade Mobility 7131N-FGR Access Point Product Reference Guide (Supporting software release 4.0.0.0-35GRN and later) User Manual

Brocade Mobility 7131N-FGR Product Reference Guide

579

53-1001947-01

Configuring an IPSEC tunnel and VPN FAQs

B

Try the following troubleshooting tips:

•

Verify you can ping each of the remote Gateway IP addresses from clients on either side.
Failed pings can indicate general network connection problems.

•

Pinging the internal gateway address of the remote subnet should run the ping through the
tunnel as well. Allowing you to test, even if there are no clients on the remote end.

•

Try re-setting the shared secret password on the access point.

•

Question 12: My tunnel works fine when I use the LAN-WAN Access page to configure my
firewall. Now that I use Advanced LAN Access, my VPN stops working. What am I doing wrong?
VPN requires certain packets to be passed through the firewall. Subnet Access automatically
inserts these rules for you when you do VPN. Advanced Subnet Access requires these rules to
be in effect for each tunnel.

•

An 'allow' inbound rule.

•

An 'allow' outbound rule.

•

For IKE, an 'allow' inbound rule.

Scr

<Remote Subnet IP range>

Dst

<Local Subnet IP range>

Transport

ANY

Scr port

1:65535

Dst port

1:65535

Rev NAT

None

Scr

<Local Subnet IP range>

Dst

<Remote Subnet IP range>

Transport

ANY

Scr port

1:65535

Dst port

1:65535

NAT

None

Scr

<Remote Subnet IP range>

Dst

<WAN IP address>

Transport

UDP

Scr port

1:65535

Dst port

500

Rev NAT

None