You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

How to troubleshoot VPN connectivity issues and faults in VPNaaS

Question
25
Views
0
Comments
edited Jun 26, 2018 1:38PM in EPM Platform

Summary

General Troubleshooting and Configuration Considerations When Creating or Modifying VPNaaS

Content

1.      Make sure the Internet Key Exchange (IKE) and Internet Protocol Security (IPSEC) timeouts on the VPNaaS and the 3rd party device agree

  • Authentication: pre-shared keys
  • Encryption: 3DES, AES 128, AES 192, AES 256
  • Hash: MD5, SHA1, SHA2
  • Policy Group: Diffie-Hellman groups supported are 2, 5, 14, 22, 23, 24
  • Recommend using PFS from a security viewpoint.

Phase1 / IKE

  • IKE ID must match (proposed vs. expected)
  • Lifetime must match
  • Double Check Pre-Shared Key (PSK)

Phase2 / IPSec

  • NAT-T is a requirement of OCI Classic (OCI-C)
  • Lifesize unlimited
  • Lifetime must match
  • remove idle timeout

2.  Configure the on-premise VPN device to be responder-only as the VPNaaS will always make sure tunnel is up (barring networking issues between OCI-C and the on-premise VPN).

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!