Problem solve Get help with specific problems with your technologies, process and projects.

Remote-access VPN troubleshooting 101

Should you find yourself suddenly given the task of supporting your company's remote-access VPN, Robbie Harrell recommends a systematic approach to learning the ropes.

So you are new to the virtual private network (VPN) world and you have just been assigned the duties of supporting...

your company's remote-access VPN solution due to the last administrator quitting. You consider yourself a pretty savvy customer when it comes to technology and IT solutions, but you have no experience with remote-access VPNs. You want to make sure you can execute the job of supporting the deployed remote access solution so you can impress your boss as to your ability to handle this assignment.

This is not an uncommon scenario, nor is it uncommon for folks to be thrown into the fire to support technology they do not necessarily understand. The initial reaction is to immediately jump into the education process. This is done via a variety of methods including Internet research, publications and for-fee training. While all of these may seem like a logical first step, I want to propose a different approach. The approach presented here follows a logical progression to understanding technology so that a roadmap can be developed for supporting, modifying, updating or optimizing an installed solution.

First things first: Understand the requirements:

This step entails understanding what purpose the VPN solution serves and the scope of the VPN services offered. Try to answer the following questions:

  1. Who currently utilizes the VPN solution?
  2. Who may need to use the VPN solution in the future?
  3. What areas of the environment do VPN users have access to?
  4. What areas of the environment will VPN users need to access?
  5. From where do users need to access the network? Home? Hotels? Domestic? International?

Second: Understand the deployed solution -- component level

This is the process of discovering what products and technologies are currently in place to provide VPN services and how those products integrate into the environment. Most VPN solutions are client and server based, so documenting the aspects of this will help you understand the different areas that may require focus when isolating trouble spots. Try to gather the following at a minimum:

  1. What VPN client hardware and software is deployed?
  2. What VPN server hardware and software is deployed?
  3. How does the equipment interconnect into the backend network?
  4. Where do VPN users enter the network?
  5. What maintenance and support agreements are in place for any of the above?

Third: Understand the services supported

This is the process of discovering services are available via the technology and components that are deployed. Basically, this is a "what can the products I have purchased provide?" type question. This is a very critical step as it can provide you with the areas that you need to educate yourself on to support the VPN solution that is deployed within your environment. To understand the services supported, the best places to start are the user guides and Web pages for the vendors that have supplied the equipment.

More on this topic

Crash Course: VPNs

Browse more VPN tips


My next article will focus on some troubleshooting steps for actual VPN problems.

Robbie Harrell (CCIE#3873) is the National Practice Lead for Advanced Infrastructure Solutions for SBC Communications. He has over ten years of experience providing strategic, business and technical consulting services. Robbie resides in Atlanta, and is a graduate of Clemson University. His background includes positions as a Principal Architect at International Network Services, Lucent, Frontway and Callisma.
As you can see, this approach is a structured approach that facilitates gaining an understanding of the VPN solution to determining how to educate yourself on troubleshooting it. It is amazing how folks just dive right into the manual and learn about things totally irrelevant to their environment. By executing the basic steps above, you will be much better prepared to troubleshoot the VPN environment as you will actually understand the solution from a component level, from a service/functionality level and from a perspective of what requirements or capabilities it is providing.
This was last published in February 2006

Dig Deeper on Network Security