Common IPsec VPN Issues

In this chapter, we will discuss several areas of IPsec virtual private network (VPN) design that commonly present obstacles to successful deployment. We will begin with a brief overview of the tools available within IOS that are commonly used to diagnose and correct issues with IPsec VPN deployments. After presenting the tools needed to troubleshoot IPsec, we will explore two broad categories of common IPsec VPN issues: configuration and architecture. The IPsec VPN configuration issues we will explore in this chapter include:

  • IKE SA Proposal Mismatches

  • IKE Authentication Failures

  • IPsec SA Proposal Mismatches

  • Crypto ACL Mismatches

Unlike configuration issues, architectural issues can occur without any misconfiguration by the administrator. They are often introduced by incompatibilities between IPsec and other networking technologies. The architectural IPsec VPN issues we will discuss in this chapter include:

  • IPsec in Firewalled Environments

  • IPsec in NAT Environments

  • IPsec and Quality of Service

  • IPsec and Fragmentation

  • IPsec and Recursive Routing

