beautypg.com

A user fails to connect to the vpn, A user fails to connect to the – Nortel Networks NN46120-104 User Manual

Page 163

background image

aaa

163

A User Fails to Connect to the VPN

There can be different reasons for why a user is having difficulty
authenticating to the VPN or why a client connection cannot be
established: the user name or password is wrong, the configured
authentication server cannot be reached, the group name retrieved from
the authentication server does not exist on the VPN Gateway and so on.

To trace the different steps involved in a specific process, for example,
authorization, enter the following command.

>> Main# maint/starttrace

Enter tags (list of all,aaa,dns,ike,ipsec,ippool,ssl,tg,pptp,

upref, ftp,smb,netdirect,netdirect_packet) [all]: aaa,ssl

Enter VPN (or 0 for all VPNs) [0]:

Output mode (interactive/tftp/ftp/sftp) [interactive]:

Enter the desired tag(s) separated by comma, for example,

aaa,ssl

to trace the user authorization and SSL handshake processes, or press
ENTER to trace all processes. To limit tracing to a specific VPN, enter the
desired VPN ID, or press ENTER to view trace information for all domains.

Select the desired output mode.

interactive

. The result is displayed directly in the CLI.

tftp/ftp/sftp

. The result is exported as a file to the specified

TFTP/FTP/SFTP server.

When starttrace is on, different steps in the selected process (tag) is
logged. For sample outputs, see

“aaa” (page 163)

.

To disable tracing, press ENTER to display the prompt, then enter

stoptrace

.

>> Maintenance# stoptrace

aaa

The

aaa

tag logs authentication method, user name, timeouts, group and

profile (base or extended).

Nortel VPN Gateway

User Guide

NN46120-104

02.01

Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks

.