Skip to main content
Having a critical issue or experiencing an outage? Call our support team at 1-888-244-3133
Sign in

Network services like VPNs or websites are not working

  • Updated

Description

Users and applications are having trouble connecting via VPN clients. Site-to-site VPN tunnels are unstable or failing, causing slow, unresponsive, or frozen applications that rely on these tunnels, impacting user experience and productivity.

Indicators of this issue

VPN clients or site-to-site tunnels fail to connect or intermittently encounter timeouts that cause the tunnel(s) to flap. Internal hosted application access or monitoring is down. 

Potential Causes

If the VPN client or site-to-site VPN tunnel are unable to connect, consider the following causes. 

  • VPN client configurations are using old DNS records or IP addresses for the VPN server or internal applications.
  • Site-to-site VPN configuration or firewall policy has not been updated to use the new Bigleaf-provided IP addresses.
  • Internal websites, monitoring tools, or applications were not migrated from old legacy IP addresses to new Bigleaf-provided IP addresses.

If the VPN client or site-to-site VPN tunnel frequently disconnect or users face connectivity issues through VPN tunnels, consider these causes.

  • There are network-related connectivity issues from the remote ("roadwarrior") end user or remote site to the Bigleaf site where the VPN's terminate. For example, this could be packet loss over the Internet or a congested WiFi network. 
  • System performance issues on the firewall or other VPN server where the VPN tunnels terminate causing degraded performance.

Tests and Solutions

For VPN's that are unable to connect, we recommend looking at:

  • Perform a full audit and reconfiguration of all services and applications from legacy IP addresses to the new Bigleaf-provided IP addresses.
  • Ensure any internal routing and firewall policies refer to new IP address blocks to ensure end-to-end connectivity for remote users and hosted web or application services. 
  • Policy routing with a site-to-site VPN may be outdated or referring to outdated or stuck configuration depending on how changes were implemented. Restart VPN or routing processes to clear out potentially faulty configuration. Rebooting your firewall or network device may also restore connectivity. 
  • Refer to our guide on DNS related changes after installing Bigleaf and other related troubleshooting.
  • You can also use the Diagnostics page in Bigleaf Cloud Connect and the tcpdump tool to filter on VPN packets to verify 2-way communication, such as ESP or IKE packets on UDP port 500 or port 4500. 

For VPN's that are encountering intermittent connectivity issues or degraded application experience, we recommend looking at:

  • Validate end-to-end connectivity between the two VPN endpoints to ensure good connectivity. We recommend tools like PingPlotter or MTR to gather traceroute and to monitor the path for packet loss, latency, or jitter.
  • Review your Bigleaf site performance page to learn more about ongoing usage patterns and other possible network degradation detected by our circuit monitoring. Read more on Using the Performance Page.
  • If you see a pattern of circuit alerts that appear to align with your issues, review our circuit troubleshooting guidance. You can also contact Bigleaf Support by calling 888-244-3133 or email us at support@biglef.net for further assistance with this.
  • Check firewall or VPN server performance metrics to verify licensing and available capacity to service end user and VPN connectivity. 

Related articles

Comments

0 comments

Please sign in to leave a comment.