Page 166 / 203 Scroll up to view Page 161 - 165
166
|
Chapter 10:
Troubleshooting
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
If your VPN firewall can obtain an IP address, but your PC is unable to load any Web pages
from the Internet:
Your PC may not recognize any DNS server addresses.
A DNS server is a host on the Internet that translates Internet names (such as www
addresses) to numeric IP addresses. Typically your ISP will provide the addresses of one
or two DNS servers for your use. You may configure your PC manually with DNS
addresses, as explained in your operating system documentation
.
Your PC may not have the VPN firewall configured as its TCP/IP gateway.
Troubleshooting a TCP/IP Network Using a Ping
Utility
Most TCP/IP terminal devices and firewalls contain a ping utility that sends an echo request
packet to the designated device. The device then responds with an echo reply.
Troubleshooting a TCP/IP network is made very easy by using the Ping utility in your PC or
workstation.
Testing the LAN Path to Your VPN Firewall
You can ping the VPN firewall from your PC to verify that the LAN path to your network
storage is set up correctly.
To ping the network storage from a PC running Windows 95 or later:
1.
From the Windows toolbar, click
Start
and choose
Run
.
2.
In the field provided, type “ping” followed by the IP address of the VPN firewall; for
example:
3.
Click
OK.
A message, similar to the following, should display:
Pinging <IP address> with 32 bytes of data
If the path is working, you will see this message:
Reply from <
IP address
>: bytes=32 time=NN ms TTL=xxx
If the path is not working, you will see this message:
Request timed out
If the path is not functioning correctly, you could have one of the following problems:
Wrong physical connections
-
Make sure the LAN port LED is on. If the LED is off, follow the instructions in
“LAN
or WAN Port LEDs Not On”
on page 163.
Page 167 / 203
Chapter 10:
Troubleshooting
|
167
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
-
Check that the corresponding Link LEDs are on for your network interface card
and for the hub ports (if any) that are connected to your workstation and VPN
firewall.
Wrong network configuration
-
Verify that the Ethernet card driver software and TCP/IP software are both
installed and configured on your PC or workstation.
-
Verify that the IP address for your VPN firewall and your workstation are correct
and that the addresses are on the same subnet.
Testing the Path from Your PC to a Remote Device
After verifying that the LAN path works correctly, test the path from your PC to a remote
device. From the Windows run menu, type:
PING -n 10
<
IP address
>
where <
IP address
> is the IP address of a remote device such as your ISP’s DNS server.
If the path is functioning correctly, replies as in the previous section are displayed. If you do
not receive replies:
Check that your PC has the IP address of your VPN firewall listed as the default gateway.
If the IP configuration of your PC is assigned by DHCP, this information will not be visible
in your PC’s Network Control Panel.
Check to see that the network address of your PC (the portion of the IP address specified
by the netmask) is different from the network address of the remote device.
Check that your cable or DSL modem is connected and functioning.
If your ISP assigned a host name to your PC, enter that host name as the Account Name
on the WAN1 ISP Settings or WAN2 ISP Settings screen (see
“Configuring the Internet
Connections”
on page 17).
Your ISP could be rejecting the Ethernet MAC addresses of all but one of your PCs. Many
broadband ISPs restrict access by only allowing traffic from the MAC address of your
broadband modem, but some ISPs additionally restrict access to the MAC address of a
single PC connected to that modem. If this is the case, you must configure your VPN
firewall to “clone” or “spoof” the MAC address from the authorized PC. You can do this on
the WAN1 Advanced Options or WAN2 Advanced Options screen (see
“Configuring the
Advanced WAN Options (Optional)”
on page 28).
Restoring the Default Configuration and Password
This section explains how to restore the factory default configuration settings, changing the
VPN firewall’s administration password to
password
and the IP address to
192.168.1.1
. You
can erase the current configuration and restore factory defaults in two ways:
Restore the network storage to factory default settings from the Settings Backup and
Firmware Upgrade screen (see
“Reverting to Factory Default Settings”
on page 145).
Page 168 / 203
168
|
Chapter 10:
Troubleshooting
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
Use the reset button on the rear panel of the VPN firewall. Use this method for cases
when the administration password or IP address is not known.
To restore the factory default configuration settings without knowing the administration
password or IP address, you must use the reset button on the rear panel of the VPN firewall.
To restore the factory defaults:
1.
Press and hold the reset button until the Test LED begins to blink (about 10 seconds).
2.
Release the reset button and wait for the VPN firewall to reboot.
Problems with Date and Time
The Time Zone screen displays the current date and time of day. The VPN firewall uses the
Network Time Protocol (NTP) to obtain the current time from one of several Network Time
Servers on the Internet. Each entry in the log is stamped with the date and time of day.
Problems with the date and time function can include:
Date shown is January 1, 2000. Cause: The VPN firewall has not yet successfully
reached a Network Time Server. Check that your Internet access settings are configured
correctly. If you have just completed configuring the VPN firewall, wait at least five
minutes and check the date and time again.
Time is off by one hour. Cause: The VPN firewall does not automatically sense Daylight
Savings Time. Go to the Time Zone screen (see
“Configuring Date and Time Service”
on
page 146), and select or cleare the
Automatically Adjust for Daylight Savings Time
checkbox.
Using the Diagnostics Utilities
Note:
For normal operation, diagnostics are not required.
You can perform diagnostics such as pinging an IP address, performing a DNS lookup,
displaying the routing table, rebooting the network storage, and capturing packets.
Page 169 / 203
Chapter 10:
Troubleshooting
|
169
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
Select Monitoring > Diagnostics from the menu.
Table 10-7.
Diagnostics
Item
Description
Ping or trace an IP
address
Ping – Used to send a ping packet request to a specified IP address—most often, to
test a connection. If the request times out (no reply is received), it usually means that
the destination is unreachable. However, some network devices can be configured
not to respond to a ping. The ping results will be displayed in a new screen; click
“Back” on the Windows menu bar to return to the Diagnostics screen.
If the specified address is intended to be reached through a VPN tunnel, check
Ping
through VPN tunnel
.
Traceroute – Lists all routers between the source (this device) and the destination IP
address. The traceroute results will be displayed in a new screen; click “Back” on the
Windows menu bar to return to the Diagnostics screen.
Perform a DNS
lookup
A DNS (Domain Name Server) converts the Internet name (for example,
www.netgear.com) to an IP address. If you need the IP address of a Web, FTP, Mail
or other Server on the Internet, you can request a DNS lookup to find the IP address.
Display the routing
table
This operation will display the internal routing table, which can be used by Technical
Support to diagnose routing problems.
Reboot the VPN
firewall
Used to perform a remote reboot (restart). You can use this if the VPN firewall seems
to have become unstable or is not operating normally.
Note
: Rebooting will break any existing connections either to the VPN firewall (such
as a management session) or through the VPN firewall (for example, LAN users
accessing the Internet). However, connections to the Internet will automatically be
re-established when possible.
Packet trace
Packet Trace selects the interface and starts the packet capture on that interface.
Page 170 / 203
Appendix A:
Default Settings and Technical Specifications
|
170
Default Settings and Technical
Specifications
A
You can use the reset button located on the rear panel to reset all settings to their factory
defaults. This is called a hard reset.
To perform a hard reset, press and hold the reset button for approximately 10 seconds
(until the Test LED blinks rapidly). Your device will return to the factory configuration
settings shown in
Table A-1
.
Pressing the reset button for a shorter period of time will simply reboots your device.
Table A-1.
VPN firewall Default Configuration Settings
Feature
Default Behavior
Router Login
User Login URL
User Name (case sensitive)
admin
Login Password (case sensitive)
password
Internet
Connection
WAN MAC Address
Use Default address
WAN MTU Size
1500
Port Speed
AutoSense
Local Network
(LAN)
LAN IP Address
192.168.1.1
Subnet Mask
255.255.255.0
RIP Direction
None
RIP Version
Disabled
RIP Authentication
Disabled
DHCP Server
Enabled
DHCP Starting IP Address
192.168.1.2
DHCP Ending IP Address
192.168.1.100

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top