Users must take full responsibility for their applications of any products specified in this document. The information in this document is proprietary to Nortel Networks. Export This product, software and related technology is subject to U.S.
New in this release Nortel VPN Gateway Troubleshooting Guide (Part number 324371-A, NN46120-700) is a new document for Nortel VPN Gateway Release 7.0. Some of the contents in this document originally appeared in the following sources: • Application Guide for SSL Acceleration (Part number 216370-D, NN46120-100) •...
Each tool is described by purpose, usage procedures, and how to interpret the output. Prerequisites Nortel recommends that you use one or more of the following commercially available troubleshooting tools as well as the tools described in this document. •...
Enabling proxydebug uses more CPU resources. Make sure to disable it after you finish debugging. Transmit the event log from the Nortel VPN Gateway to a file on a TFTP, FTP, or SFTP server. Specify the IP address or host name of the server as well as the file name.
Hard-disk drive activity LED System power LED ATTENTION Call Nortel for RMA if Amber System status LED cannot be cleared. Virtual IP addresses In instances where virtual IP addresses are used without an external load balancer, ensure that the affected services are set to standalone mode.
/stats/sslstats/server # is the host number associated with the current SSL acceleration service. Resetting default configuration To remove all configuration settings from the Nortel VPN Gateway, use the /boot/delete command. This command resets the system to the default settings. Procedure steps Action From the command line, enter this command.
Add agent.lcf in the path <TG-Install-Dir>\resources directory. Reboot the system. Collect TunnelGuard logs from <TG-Install-Dir>log directory. ATTENTION The default path to access TG-Install-Dir is C:\Program Files\Nortel Networks\TunnelGuard\. Attach these logs to the CR. For all users, attach Profiles.ini from %ALLUSERSPROFILE%\Application Data\Nortel\TunnelGuard directory.
Recovering using boot.img When you log in as the boot user and perform a reinstallation of the software, the VPN Gateway is reset to its factory default configuration. All configuration data and current software is wiped out, including old software image versions or upgrade packages that may be stored in the flash memory card or on the hard disk.
Upgrading code using .pkg The Nortel VPN Gateway (NVG) software image is the executable code running on the VPN Gateway. A version of the image ships with the VPN Gateway, and comes pre-installed on the device. As new versions of the image are released, you can upgrade the software running on your VPN Gateway.
DNS parameters must have been configured. • The name of the software upgrade package (upgrade packages are identified by the .pkg file name extension). When you have gained access to the VPN Gateway, use the following procedure. Procedure steps Step Action To download the software upgrade package, enter the following command at the Main menu prompt.
The IAS checks the Active Directory to validate a username/password when a RADIUS authentication request arrives from the SSL VPN gateway. Further, it returns an attribute in the RADIUS authentication response that will map the user to the correct group/groups in the SSL VPN configuration.
Configuring new Remote Access Policy This section shows an example of a basic setup with only one group available in the SSL VPN gateway. The Remote Access Policy sets the criteria for how the RADIUS authentication request is processed, and it also performs the user to group/groups mapping.
Click Configure Attribute to continue. Configure VSA RFA Compliant form is displayed. Set the Vendor-assigned attribute number to 1. Specify the name of the SSL VPN gateway group in the Attribute value. Click OK twice to return to the main Vendor-Specific attribute screen.
Troubleshooting LDAP authentication with Active Directory navigation • “Troubleshooting LDAP authentication issues” (page 37) • “Adding a SSL VPN gateway user into the Active Directory” (page 38) • “Configuring the LDAP Attributes” (page 40) Troubleshooting LDAP authentication issues This section explains the steps to set isdbindn and isdbin password, if they are not correctly set.
ATTENTION Use ldap browser to verify search base and ov/~gawor/ldap/ Adding a SSL VPN gateway user into the Active Directory This section explains the steps to add a SSL VPN gateway user into AD. Procedure steps Step Action In the Active Directory Users and Computers screen, select the branch from the tree view.
SSL VPN configuration. With the directory tree looking the way it does above the searchbase would be “OU=Users,DC=Nortel” the userattr would be “UID” and finally the groupattr would be “GID”. Procedure steps...
Creating the Windows group and add a user into that group To allow the SSL VPN gateway to map a Windows user to the test group in the SSL VPN group you need to create a global Windows group with the same name.
Nortel Technical Support. You must attempt to resolve your problem using this troubleshooting guide. Contacting Nortel is a final step taken only when you have been unable to resolve the issue using the information and steps provided in this troubleshooting guide.
A detailed network topology diagram • Log files Getting help from the Nortel Web site The best way to get technical support for Nortel products is from the Nortel Technical Support Web site: http://www.nortel.com/support This site provides quick access to software, documentation, bulletins, and tools to address issues with Nortel products.
To access some Nortel Technical Solutions Centers, you can use an Express Routing Code (ERC) to quickly route your call to a specialist in your Nortel product or service. To locate the ERC for your product or service, go to: http://www.nortel.com/help/contact/erc/...