Unit 4 Assignment 1: Create a VPN Connectivity Troubleshooting Checklist
1. Find out who is affected
The first step in troubleshooting any VPN problem is to determine who is affected by it. That information can go a long way toward helping you figure out where to start looking for the problem. For example, if everyone in the company is having problems, you might look for a hardware failure on your VPN server, an incorrect firewall rule, or perhaps a configuration problem on your VPN server.
On the other hand, if there is only one person who is having a problem who can never seem to remember his/her password or Some other person who insists on connecting from their home computer, ...view middle of the document...
In one scenario, one of the users could be having trouble connecting to a VPN from a home computer. If you tried talking him through the problem, they kept telling you that what they were seeing didn't match what you were asking them to do. It turned out that the user had installed a freeware VPN client because a friend had told him it was much better than what he'd been using. On another occasion, I had someone who was unable to establish VPN connectivity because a virus had destroyed the computer's TCP/IP stack.
If users are attempting to connect from their own computer, you can't assume anything about the system they're using.
5. Try logging in locally
This probably sounds silly, but when users say that they are having trouble logging in to the VPN, one of the first things you do is verify that they can log in locally.
I once heard there was a user complaint of VPN problems. The troubleshooter spent a lot of time trying to troubleshoot the issue. When nothing they tried seemed to make any difference, they decided to double-check the user's account to see whether there were any restrictions on it. When they did, they noticed that the account was locked out. They unlocked the account and tried again, but it wasn't long before the account was locked again.
The troubleshooter reset the user's password and was able to log in without any problems. When they told the user about it, the user told the troubleshooter that he'd never been able to log in with that account. When the troubleshooter asked how he got his work done each day, he told him that he always logged in as one of his coworkers. (You can't make this stuff up.) Ever since that incident, the troubleshooter always checked to verify that the user's account is working properly.
6. See if affected users are behind NAT firewalls
Another thing one should check is whether affected users are connecting from computers that are behind a NAT firewall. Normally, NAT firewalls aren't a problem. However, some older firewalls don't work properly with VPN connections.
7. Check for Network Access Protection issues
Microsoft created the Network Access Protection feature as a way for administrators to protect network resources against remote users whose computers are not configured in a secure manner. Although Network Access Protection (NAP) works well, it has been known to...