Description - Users and applications are unable to connect using a VPN client, or internal routing over a site-to-site VPN tunnel has failed or is intermittent.
Indicators of this issue - VPN clients or site-to-site tunnels fail to connect. Application access or monitoring is down.
- VPN client configurations are using old DNS records or IP addresses for the VPN server or internal applications.
- Site-to-site VPN configuration or firewall policy has not been updated to use the new Bigleaf-provided IP addresses.
- Internal websites, monitoring tools, or applications were not migrated from old legacy IP addresses to new Bigleaf-provided IP addresses.
Tests and Solutions
Perform a full audit and reconfiguration of all services and applications from legacy IP addresses to the new Bigleaf-provided IP addresses.
- Ensure any internal routing and firewall policies refer to the new IP address blocks so that remote users and hosted web or application services have end-to-end connectivity.
- Policy routing for a site-to-site VPN may be outdated or referring to stale or stuck configuration, depending on how the changes were implemented. Restart the VPN or routing processes to clear out potentially faulty configuration. Rebooting your firewall or network device may also restore connectivity.
Refer to our KB for DNS-related reconfiguration and issues: https://support.bigleaf.net/hc/en-us/articles/4414756683675-LAN-devices-cannot-resolve-DNS-hostnames
- You can also use our Troubleshooting tab and the tcpdump tool to filter on VPN packets and verify two-way communication, such as IKE packets on UDP port 500, IKE or UDP-encapsulated ESP on UDP port 4500 (NAT-T), and raw ESP packets, in both directions between your device and the remote peer. Refer to our KB article and videos on using the Troubleshooting tab and tcpdump: https://support.bigleaf.net/hc/en-us/articles/4910323071387--Videos-Super-Admin-Troubleshooting-Tab
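To turn a saved tcpdump capture into a per-peer two-way check, here is an added Python example (not Bigleaf's tooling) that parses `tcpdump -n` style output lines, classifies IKE (UDP 500), NAT-T (UDP 4500) and raw ESP traffic, and reports peers we send to but never hear back from; the addresses, `LINE_RE` pattern and sample capture are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches `tcpdump -n` style lines: "... IP src[.port] > dst[.port]: payload".
LINE_RE = re.compile(r"IP (?P<src>\d+(?:\.\d+){3})(?:\.(?P<sport>\d+))? > "
                     r"(?P<dst>\d+(?:\.\d+){3})(?:\.(?P<dport>\d+))?: (?P<rest>.*)")

def classify(line):
    """Return (kind, src, dst) for IKE, NAT-T or raw ESP lines, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ports = (m["sport"], m["dport"])
    if "500" in ports:
        kind = "IKE"    # IKE negotiation on UDP 500
    elif "4500" in ports:
        kind = "NAT-T"  # IKE and UDP-encapsulated ESP on UDP 4500
    elif m["sport"] is None and m["rest"].startswith("ESP("):
        kind = "ESP"    # raw ESP (IP protocol 50) carries no ports
    else:
        return None     # DNS, HTTPS, ICMP and the like are not VPN traffic
    return kind, m["src"], m["dst"]

def two_way_report(lines, local_ip):
    """Per peer and kind, count packets as (sent, received) from local_ip's view."""
    counts = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for line in lines:
        if (parsed := classify(line)) is None:
            continue
        kind, src, dst = parsed
        if src == local_ip:
            counts[dst][kind][0] += 1
        elif dst == local_ip:
            counts[src][kind][1] += 1
    return {p: {k: tuple(v) for k, v in kinds.items()} for p, kinds in counts.items()}

def peers_without_replies(report):
    # Peers and kinds where we sent packets but saw nothing back (one-way only).
    return [(peer, kind) for peer, kinds in report.items()
            for kind, (sent, recv) in kinds.items() if sent and not recv]

# Constructed sample: 198.51.100.5 is the local firewall, 203.0.113.10 answers,
# 192.0.2.20 never replies (for instance, its policy still lists our legacy address).
SAMPLE = """\
12:00:01.000000 IP 198.51.100.5.500 > 203.0.113.10.500: isakmp: parent_sa ikev2_init[I]
12:00:01.010000 IP 203.0.113.10.500 > 198.51.100.5.500: isakmp: parent_sa ikev2_init[R]
12:00:01.020000 IP 198.51.100.5 > 203.0.113.10: ESP(spi=0x0a1b2c3d,seq=0x1), length 132
12:00:01.030000 IP 203.0.113.10 > 198.51.100.5: ESP(spi=0x4e5f6a7b,seq=0x1), length 132
12:00:02.000000 IP 198.51.100.5.500 > 192.0.2.20.500: isakmp: parent_sa ikev2_init[I]
12:00:05.100000 IP 198.51.100.5.53412 > 198.51.100.1.53: 1234+ A? vpn.example.com. (33)
""".splitlines()
```

A peer listed by `peers_without_replies` is the one whose firewall policy or configured peer address should be checked against the new Bigleaf-provided IP first.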