User manual

Virtual Private Networking
The remote party's settings are incorrect.
Solution: Confirm that the certificates are valid. Confirm also that the remote party's
tunnel settings are correct. Check that the Distinguished Name entry in the SG unit's
tunnel configuration is correct.
Symptom: Remote hosts can be accessed using IP address but not by name
Possible cause: Windows network browsing broadcasts are not being transmitted
through the tunnel.
Solution: Set up a WINS server and use it to have the remote hosts resolve names
to IP addresses.
Set up LMHOSTS files on remote hosts to resolve names to IP addresses.
Symptom: Tunnel comes up but the application does not work across the tunnel.
Possible cause: There may be a firewall device blocking IPSec packets.
The MTU of the IPSec interface may be too large.
The application uses broadcast packets to work.
Solution: Confirm that the problem is the VPN tunnel and not the application being
run. These are the steps you can try to find where the problem is (it is assumed that
a network to network VPN is being used):
Ping from your PC to the Internet IP address of the remote party (it is assumed that the
remote party is configured to accept incoming pings).
Ping from your PC to the LAN IP address of the remote party.
Ping from your PC to a PC on the LAN behind the remote party that the tunnel has
been configured to combine.
If you cannot ping the Internet IP address of the remote party, either the remote party
is not online or your computer does not have the SG unit as its default gateway. If
you can ping the Internet IP address of the remote party but not the LAN IP address,
then the remote party's LAN IP address or its default gateway has not been
configured properly. Also check your network configuration for any devices filtering
IPSec packets (protocol 50) and whether your Internet Service Provider is filtering
IPSec packets. If you can ping the LAN IP address of the remote party but not a host
on the remote network, then either the local or remote subnets in the tunnel
settings (or both) have been misconfigured, or the remote host does not have the
remote party as its default gateway.
If you can ping across the tunnel, then check if the MTU of the IPSec interface is
allowing packets to go through. Reduce the MTU if large packets are not being sent
through the tunnel.
If the application is still not working across the tunnel, then the problem is with the
application. Check that the application uses IP and does not use broadcast packets
since these are not sent across the IPSec tunnels. You should contact the producer
of the application for support.
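The staged checks above can be scripted. The following is an added example, not part of the original manual: it runs the three pings, maps the results to the diagnoses given in the text, and then probes packet sizes with the Don't Fragment bit set. It assumes a Linux host with iputils ping; the three addresses are supplied by the operator and the candidate MTU values are constructed for illustration.

```shell
#!/bin/sh
# Added example: staged ping checks for a network-to-network IPSec tunnel.
# Usage: sh vpn_check.sh REMOTE_INTERNET_IP REMOTE_LAN_IP REMOTE_HOST_IP
# Assumes Linux iputils ping (-W timeout, -M do sets Don't Fragment).

# Map three ping outcomes (1 = reply, 0 = no reply) to the manual's diagnosis.
diagnose() {
    if [ "$1" -ne 1 ]; then
        echo "remote party offline, or this PC's default gateway is not the SG unit"
    elif [ "$2" -ne 1 ]; then
        echo "remote LAN IP or gateway misconfigured, or IPSec (protocol 50) filtered"
    elif [ "$3" -ne 1 ]; then
        echo "tunnel subnets misconfigured, or remote host's gateway is not the remote party"
    else
        echo "tunnel passes pings: check MTU, then the application"
    fi
}

# Largest ICMP payload that fits an MTU unfragmented:
# MTU minus 20-byte IPv4 header minus 8-byte ICMP header.
icmp_payload_for_mtu() {
    echo $(( $1 - 28 ))
}

# Print 1 if the address answers any of three pings, otherwise 0.
reachable() {
    if ping -c 3 -W 2 "$1" >/dev/null 2>&1; then echo 1; else echo 0; fi
}

# Try MTU candidates (constructed values) from large to small with DF set;
# print the first size that crosses the tunnel intact.
probe_mtu() {
    for mtu in 1500 1460 1400 1300 1200; do
        if ping -c 1 -W 2 -M do -s "$(icmp_payload_for_mtu "$mtu")" "$1" >/dev/null 2>&1; then
            echo "$mtu"
            return 0
        fi
    done
    return 1
}

# Only touch the network when all three addresses are given.
if [ "$#" -eq 3 ]; then
    host_up=$(reachable "$3")
    echo "diagnosis: $(diagnose "$(reachable "$1")" "$(reachable "$2")" "$host_up")"
    if [ "$host_up" -eq 1 ]; then
        probe_mtu "$3" || echo "no candidate size passed: reduce the IPSec interface MTU"
    fi
fi
```

If the size printed by the probe is smaller than the MTU configured on the IPSec interface, large packets are being dropped and the interface MTU should be reduced to that size or lower.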