Checking the tunnel setup
From a client workstation located on each remote site, enter the URL of your intranet site in a web
browser. For example: http://intranet_site_name.
If you have allowed ICMP in the filter rules, you can also ping from the workstation to the intranet
server.
Checking in Stormshield Network Realtime Monitor
Launch Stormshield Network Realtime Monitor, log on to the IPS-Firewall of the main site through
the program and click on the module Logs > VPN. Check that phases 1 and 2 took place correctly
(message “Phase established”):
In the VPN Tunnels module, you can also view the tunnel as well as the amount of data
exchanged:
If this is not the case, look up the section Incident resolution - Common errors below.
Incident resolution - Common errors
Further on in this chapter, the IPS-Firewall of the remote site is called the “initiator”, as it initiates
the setup of the tunnel for the chosen example. As for the IPS-Firewall of the main site, it is called
the “responder”.
Symptom : The tunnel between the appliances has been set up but no traffic seems to go
through it.
Solution: Check your filter rules.Also check the routing between the hosts (client workstation,
intranet server) and their respective gateways (static routing or default gateway).
Symptom: The tunnel cannot be set up.
l No message appears in the module Logs > VPN in Stormshield Network Realtime Monitor on
the “initiator” IPS-Firewall.
l No message appears in the module Logs > VPN in Stormshield Network Realtime Monitor on
the “responder” IPS-Firewall.
Page 413/448 sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
SNS - USER CONFIGURATION MANUAL V.3
HOW TO: IPSEC VPN - AUTHENTICATION BY CERTIFICATE
To Next Page
Loading...
