Getting started with VPN troubleshooting
Complete this task to learn the various methods for determine any VPN problems you are having on your system.
There are several ways to begin analyzing VPN problems:
- Always make sure that you have applied the latest Program Temporary Fixes (PTFs).
- Ensure that you meet the minimum VPN setup requirements.
- Review any error messages that are found in the Error Information window or in the VPN server job logs for both the local and the remote systems. In fact, when you are troubleshooting VPN connection problems it is often necessary to look at both ends of the connection. Further, you need to take into account that there are four addresses you must check: The local and remote connection endpoints, which are the addresses where IPSec is applied to the IP packets, and the local and remote data endpoints, which are the source and destination addresses of the IP packets.
- If the error messages you find do not provide enough information to solve the problem, check the IP filter journal.
- The communication trace on the system offers you a another place to find general information about whether the local system receives or sends connection requests.
- The Trace TCP Application (TRCTCPAPP) command provides yet another way to isolate problems. Typically, IBM® Service uses TRCTCPAPP to obtain trace output in order to analyze connection problems.
Other things to check
If an error occurs after you set up a connection, and you
are not sure where in the network the error occurred, try reducing
the complexity of your environment. For example, instead of investigating
all parts of a VPN connection at one time, start with the IP connection
itself. The following list gives you some basic guidelines on how
to start VPN problem analysis, from the simplest IP connection to
the more complex VPN connection: