Specifications

56 MDS Orbit MCR-4G Technical Manual MDS 05-6628A01, Rev. A
admin@(none) 20:38:44% exit
[ok][2013-01-18 20:40:45]
admin@(none) 20:38:44>
Monitoring
Ensure the CLI is in operational mode. Follow the example below to view the VPN connection state (connecting, connected or disconnected). The failure-reason field displays the reason for the last connection failure.
admin@(none) 20:40:45> show services vpn
services vpn ipsec ipsec-status connections connection VPN-GWY-CONN-1
state connecting
failure-reason none
last-timestamp 2013-01-18T20:24:15+00:00
ima-evaluation none
ima-recommendation none
admin@(none) 20:40:45> show services vpn
services vpn ipsec ipsec-status connections connection VPN-GWY-CONN-1
state connected
failure-reason none
last-timestamp 2013-01-18T20:24:15+00:00
ima-evaluation none
ima-recommendation none
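The status output above is line-oriented, so captured sessions can be checked by script. The following is an added example, not part of the manual or of the vendor's tooling: it parses captured `show services vpn` text into one record per connection and flags any tunnel that is not connected or that reports a failure reason. The connection name VPN-GWY-CONN-2 and its failure-reason text are constructed sample values.

```python
import re

# Constructed capture in the format shown above. VPN-GWY-CONN-2 and its
# failure-reason text are made up; the page only shows the value "none".
SAMPLE = """\
admin@(none) 20:40:45> show services vpn
services vpn ipsec ipsec-status connections connection VPN-GWY-CONN-1
state connecting
failure-reason none
last-timestamp 2013-01-18T20:24:15+00:00
admin@(none) 20:41:10> show services vpn
services vpn ipsec ipsec-status connections connection VPN-GWY-CONN-1
state connected
failure-reason none
last-timestamp 2013-01-18T20:24:15+00:00
services vpn ipsec ipsec-status connections connection VPN-GWY-CONN-2
state disconnected
failure-reason constructed example reason
last-timestamp 2013-01-18T20:30:00+00:00
"""

HEADER = re.compile(r"^services vpn ipsec ipsec-status connections connection (\S+)$")
FIELDS = {"state", "failure-reason", "last-timestamp", "ima-evaluation", "ima-recommendation"}

def parse_vpn_status(text):
    """Return one dict per connection block, in the order captured."""
    records, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        match = HEADER.match(line)
        key, _, value = line.partition(" ")
        if match:
            current = {"connection": match.group(1)}
            records.append(current)
        elif current is not None and key in FIELDS:
            current[key] = value.strip()
        elif line:
            current = None  # prompt, [ok] or unknown line ends the block
    return records

def latest_by_connection(records):
    """Keep only the most recent capture of each connection."""
    return {rec["connection"]: rec for rec in records}

def needs_attention(rec):
    """True if the tunnel is not up or a failure reason was recorded."""
    return rec.get("state") != "connected" or rec.get("failure-reason", "none") != "none"
```

Feeding the result of `parse_vpn_status` through `latest_by_connection` gives the current state per tunnel when the same command was captured several times in one session.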
With a connection made, ping the back-office PC to make sure that traffic is passing between the device and the PC.
admin@(none) 20:41:32> ping 192.168.2.1
PING 192.168.1.2 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_req=1 ttl=63 time=389 ms
64 bytes from 192.168.2.1: icmp_req=2 ttl=63 time=161 ms
[ok][2013-01-18 20:49:42]
VPN Troubleshooting
The following are common reasons for VPN connection failure:
1. Invalid certificate or keys loaded on the device.
2. Time not synchronized on the device. Note that after the cell connection is established, the device can take a few minutes to sync time from the NTP server. The VPN connection will not succeed until time is synchronized.
3. Mismatch in the ciphersuites configured for the IKE policy on the device and the peer VPN gateway.
4. Mismatch in the ciphersuites configured for the IPsec policy on the device and the peer VPN gateway.
5. Mismatch in the remote and local IP subnets configured for the IPsec connection on the device and the peer VPN gateway. Note the following:
   a. For the device:
      i. remote ip subnet = back-office subnet
      ii. local ip subnet = local LAN or WIFI subnet on device
   b. For the VPN gateway:
      i. remote ip subnet = device’s local LAN or WIFI subnet
      ii. local ip subnet = back-office subnet on device