Troubleshoot Virtual Private Networks (VPNs)

 
As with the previous section, troubleshooting VPNs is mostly checking the log to see where there may be a configuration issue. There are also a few commands you can run to check the service status and information.
 
To check the service status run the following commands (depending on if its IPSEc or sslvpn-plus)
 

vShield-edge-1-0> show service sslvpn-plus
vShield-edge-1-0> show service ipsec

 
To check the log, SSH into the NSX Edge device and run the following command. You will be looking for entries that show ipsec, F_L2VPN, or sslvpn I have shown examples of each below.
 

vShield-edge-2-0> show log

2015-05-27T00:02:15+00:00 vShield-edge-1-0 config: INFO :: RESOURCE_MGR ::    sslvpn changed
2015-05-27T00:02:15+00:00 vShield-edge-1-0 config: INFO :: RESOURCE_MGR ::      sslvpn->sslvpn:sslvpn
2015-05-27T00:02:15+00:00 vShield-edge-1-0 config: INFO :: R_SSLVPN :: Config SSLVPN resource ...
2015-05-27T00:02:15+00:00 vShield-edge-1-0 config: INFO :: R_SSLVPN :: sslvpn:sslvpn
2015-05-27T00:02:15+00:00 vShield-edge-1-0 config: INFO :: RESOURCE_MGR :: collect output of sslvpn...

2015-05-27T00:02:19+00:00 vShield-edge-1-0 config:  [daemon.info] INFO :: C_ServiceControl :: Stopping ipsec...

2015-05-27T00:02:16+00:00 vShield-edge-1-0 config: INFO :: CONFIG_MGR ::    sslvpn changed
2015-05-27T00:02:17+00:00 vShield-edge-1-0 config: INFO :: CONFIG_MGR ::    l2vpn changed

 
The logs should be able to give you enough information to determine where your mismatch is, or you can always go through and double check your configuration to make sure that you didn’t configure something incorrectly on accident.
 
To go through the configuration of each of the VPNs, please see the following links.
 
L2 VPN
SSL VPN Plus
IPSEC VPN
 
If you are looking for more examples of errors, you can review the Unofficial VCIX-NV Study Guide by Martijn Smit on page 161.
 

Leave A Comment

Your email address will not be published. Required fields are marked (required):

Back to Top