Monday, April 29, 2013

VPN troubleshooting: Isolating VPN session timeout issues

Depending on the vendor your company uses, the location from which you’re trying to establish a VPN connection, and other factors, a user could come up with a hundred different possible issues with authenticating to a VPN. Here are some areas to look at first regarding the stability of a VPN connection.

One of the first things to do when troubleshooting a VPN session timeout or lockout issues is to determine the user’s location. It’s important because if a user can always connect while he or she is at home, but can never connect on an open Wi-Fi connection at the local coffee house, that should enable isolation of the issue quickly. This is one of the simplest forms of VPN troubleshooting, but can save a lot of time during the process.

Another way to start determining the root cause of the VPN issue is to ask the user to connect to the VPN both on the WLAN and the wired LAN. The majority of VPN connections these days are connected wirelessly. In the past, I’ve noticed certain vendor agents are less tolerant of network loss due to the poor strength of a Wi-Fi connection, which could result in VPN stability issues. If a user is able to connect via the wired LAN without any issues, but has an issue periodically with the WLAN, start troubleshooting the agent logs and the origin of the logon attempts with an eye toward wireless-related issues.

There’s also the issue of timeout periods for users. I’ve seen many default values around timeouts, such as idle connections after 10 minutes, and a max session at 60 minutes with a reminder of five minutes before timeout. This might not suit all users, so these values could be reworked to fit the needs of the company and user population. This could be an issue where the defaults are too low for what the user needs the session for; this is especially true in SSL VPNs.

When using IPSec, verify the connection settings of your phase 1 and phase 2 rekey policies. The phase 1 policy will be able to go down without an issue and rekey, but if your phase 1 and phase 2 timers go down at the same time, there’s the potential for a timeout or longer connection time.

Read the rest of my article for searchsecurity.techtarget.com here.

11 comments:

  1. I definitely enjoying every little bit of it. It is a great website and nice share. I want to thank you. Good job! You guys do a great blog, and have some great contents. Keep up the good work. visit website

    ReplyDelete
  2. definately enjoy every little bit of it and I have you bookmarked to check out new stuff of your blog a must read blog! https://prywatnoscwsieci.pl

    ReplyDelete
  3. I would state, you do the genuinely amazing.This substance is made to a wonderful degree well. https://privatnostonline.com

    ReplyDelete
  4. Should you feel find it difficult to, you undoubtedly is not able to; If you don't intend, to have failing. Things are subject to intellect, reduction of hundreds exercises are hopeless prior to starting. www.lemigliorivpn.com

    ReplyDelete
  5. I love significantly your own post! I look at all post is great. I discovered your personal content using bing search. Discover my webpage is a great one as you.I work to create several content this post. Once more you can thank you and keep it create! Enjoy! gizlilikveguvenlik

    ReplyDelete
  6. I personally like your post; you have shared good insights and experiences. Keep it up. privacidadenlared

    ReplyDelete
  7. Thanks for posting this info. I just want to let you know that I just check out your site and I find it very interesting and informative. I can't wait to read lots of your posts. https://diadiktiokaiasfalia.com

    ReplyDelete
  8. I definitely enjoying every little bit of it. It is a great website and nice share. I want to thank you. Good job! You guys do a great blog, and have some great contents. Keep up the good work. I really appreciate this wonderful post that you have provided for us. I assure this would be beneficial for most of the people. internetprivatsphare.ch

    ReplyDelete
  9. I am glad to locate your recognized method for composing the post. Presently you make it simple for me to comprehend and actualize the idea. Much obliged to you for the post.  lesmeilleurs vpn

    ReplyDelete
  10. This is extremely fascinating substance! I have completely delighted in perusing your focuses and have reached the conclusion that you are right about a hefty portion of them. You are extraordinary.  vpn austria

    ReplyDelete
  11. I have added and shared your site to my social media accounts to send people back to your site because I am sure they will find it extremely helpful too. mejoresvpn

    ReplyDelete