With a star VPN connection topology, mGuard peers can also exchange data with one another. In this case, it is recommended that the local mGuard consults CA certificates for the authentication of peers (see "Authentication" on page 342). In the case of "hub and spoke", 1:1 NAT of the peer is not supported.

Archive diagnostic messages for VPN connections

If errors occur when establishing VPN connections, the mGuard logging function can be used to find the source of the error based on the corresponding entries (see Logging > Browse Local Logs menu item). This option for error diagnostics is used as standard. If it is sufficient, you can deactivate the function at this point. If diagnosing VPN connection problems using the mGuard logging function is too impractical or insufficient, select this option. This may be the case if the following conditions apply:
– In certain application environments, e.g., when the mGuard is "operated" by means of a machine controller via the CMD contact (only for FL MGUARD RS4000/RS2000, TC MGUARD RS4000/RS2000 3G, TC MGUARD RS4000/RS2000 4G, FL MGUARD RS4004/RS2005, FL MGUARD RS and FL MGUARD GT/GT), the option for a user to view the mGuard log file via the web-based user interface of the mGuard may not be available at all.
– When used remotely, it is possible that a VPN connection error can only be diagnosed after the mGuard has been temporarily disconnected from its power source, which causes all log entries to be deleted.
– The relevant log entries of the mGuard that could be useful may already have been deleted, because the mGuard regularly deletes older log entries on account of its limited memory capacity.
– If an mGuard is being used as the central VPN peer, e.g., in a remote maintenance center as the gateway for the VPN connections of numerous machines, the messages regarding activity on the various VPN connections are logged in the same data stream. The resulting logging volume makes it time-consuming to find the information relevant to one error.

After archiving is enabled, the relevant log entries about the operations involved in establishing VPN connections are archived in the non-volatile memory of the mGuard if the connections are established as follows:
– Via the "Start" icon on the web interface
– Via the CGI interface nph-vpn.cgi using the "synup" command (see application note: "How to use the CGI Interface"). (Application notes are available in the download area of /products.)

Archived log entries are not affected by a restart. They can be downloaded as part of the support snapshot (Hardware menu item). A snapshot provides your supplier's support team with additional options for more efficient troubleshooting than would be possible without archiving.

Archive diagnostic messages only upon failure

If only the log entries generated for failed connection attempts are to be archived, activate this function. When the function is deactivated, all log entries will be archived.

The TCP encapsulation function is used to encapsulate data packets to be transmitted via a VPN connection in TCP packets. Without this encapsulation, it is possible under certain circumstances that important data packets belonging to the VPN connection are not transmitted correctly, e.g., due to interconnected NAT routers, firewalls or proxy servers. Firewalls, for example, may be set up to prevent any data packets of the UDP protocol from passing through, or (incorrectly implemented) NAT routers may not manage the port numbers correctly for UDP packets. TCP encapsulation avoids these problems because the packets belonging to the relevant VPN connection are encapsulated in TCP packets, i.e., they are hidden so that only TCP packets are visible to the network infrastructure. The mGuard may receive VPN connections encapsulated in TCP even when it is positioned behind a NAT gateway in the network and thus cannot be reached by the VPN peer under its primary external IP address. To do this, the NAT gateway must forward the corresponding TCP port to the mGuard (see "Listen for incoming VPN connections, which are encapsulated" on page 317).