You want to ensure that you have all pertinent information needed to troubleshoot a VPN issue.

Solution:

Fill out the following table for each end-point of the tunnel

1.  Local Site Info:

Phase 1

- Encryption Strength (3Des, Des, AES256) =
- Encryption Integrity (MD5, SHA1) =
- Diffie-Hellman Group for IKE (phase 1) (group 1, 2, 5) =
- Renegotiate IKE (phase 1) (1400 minutes) =
- Support Aggressive mode (yes, no) =

Phase 2

- Encryption Strength (3Des, Des, AES256) =
- Encryption Integrity (MD5, SHA1) =
- Use Perfect Forward Secrecy (if yes what group) =
- Renegotiate IPsec (3600 seconds) =

2. Are you using Pre-Shared secrets or Certificates?

3. Are they able to establish the tunnel one-way? If so which way?

4. What are the IP addresses that you are testing from and two in your encryption domains?

5. What is the IP address and name of the security gateway in question?

6. What is the IP address and name of the remote VPN site? Also, what is the type of VPN appliance being used?

1. Remote Site Info:

Phase 1

- Encryption Strength (3Des, Des, AES256) =
- Encryption Integrity (MD5, SHA1) =
- Diffie-Hellman Group for IKE (phase 1) (group 1, 2, 5) =
- Renegotiate IKE (phase 1) (1400 minutes) =
- Support Aggressive mode (yes, no) =

Phase 2

- Encryption Strength (3Des, Des, AES256) =
- Encryption Integrity (MD5, SHA1) =
- Use Perfect Forward Secrecy (if yes what group) =
- Renegotiate IPsec (3600 seconds) =