In daily work of an enterprise, VPN is a convenient and practical networking method. VPN can shield the geographical limitations, especially suitable for companies with large geographic spans. Therefore, maintenance of VPN servers is one of the most important tasks for network engineers. This article will introduce several common methods for diagnosing VPN faults, and hope to help network engineers.
Windows Remote Access Server allows VPN customers to identify and transparently connect to the internal network, just like directly connecting to the network. This allows users to remotely work in a secure manner. This article mainly introduces some common problems that should be solved on the server side when checking for VPN connection faults.
When a VPN user connects to the server, problems may occur in the remote access server. The VPN Server must be properly configured to allow remote access. If you encounter a connection problem, verify that the client settings are correct and that the end user has the ability to connect to the server. Follow these steps:
1. Verify that the server has enabled the function of allowing remote access.
Follow these steps:
Check the Routing and Remote Access Plug-in --> properties --> General, and verify that the remote access server dialog box has been selected.
2. Verify the identity recognition provider.
Check the Routing and Remote Access Plug-in --> properties --> Security, and verify whether RADIUS or Windows identity is selected.
3. authentication method.
Check the Routing and Remote Access Plug-in --> properties --> Security, and select the certificate mechanism. This is usually a form of Challenge Handshake Authentication Protocol (CHAP ). This server also has other settings that must be properly configured, including IP routing, DHCP, and PPP. The verification steps for these settings are as follows:
1) Verify that the server has enabled the function of allowing IP routing.
Take the following steps:
View the Routing and Remote Access Plug-in --> properties --> IP tag, and verify that the server has been set to allow IP routing. Verify that the server has been set to allow IP-based Remote Access and dial-up connections.
2) Verify that the server has been set to an allocable IP address.
This step can be completed through a batch of static addresses or DHCP. Check the Routing and Remote Access Plug-in --> properties --> IP tag, but click DHCP or static address pool. If you click an address pool, you must set a large number of addresses.
This is the basic settings of the windows VPN Server. There are also many other features related to VPN sessions, such as identity recognition and encryption. These functions can also cause faults. The best way is to try to connect users and identify a simple session. Cancel all connections except the standard connection. Then, you can add additional security features to this session.