3Com Version 4.3 Drums User Manual


 
Appendix B. Troubleshooting
Check that the (on the Logging Configuration page).
A call is established, but there is no voice
If you use a DMZ Telecommuting Module Type, check on the Surroundings page that you have separated the
clients into correct networks. Clients that can reach each other without using the Telecommuting Module should
be in the same Surroundings network, and clients that must use the Telecommuting Module to reach each other
should be in different Surroundings networks.
If you use a DMZ or DMZ/LAN Telecommuting Module Type, check that the firewall connected to the
Telecommuting Module does not block the media. See chapter 14, Firewall and Client Configuration, for more
information about which ports should be opened in the firewall.
VPN troubleshooting
No IPsec tunnel established
Check that VPN negotiation packets (UDP port 500) reach the Telecommuting Module. The other end could be
located behind a NAT device which changes the sender port.
Check that packets from the other end can reach the Telecommuting Module and vice versa. Failure to do so
could indicate faulty routing somewhere between the two VPN units, or that some blocking device is located
between them.
Check that the VPN negotiation packets to the Telecommuting Module are addressed to the correct IP address
(the one selected on the IPsec Peers page).
If preshared secrets are used, check that both units share the same secret. If certificates are used, check that the
right certificates are used.
If the unit at the other end is not a 3Com VCX IP Telecommuting Module, make sure that it uses PFS (Perfect
Forward Secrecy). The 3Com VCX IP Telecommuting Module always uses PFS.
If the unit at the other end is not a 3Com VCX IP Telecommuting Module, make sure that it uses 3DES or AES.
The 3Com VCX IP Telecommuting Module accepts both encryption algorithms.
Check that the networks to use the VPN tunnel are the same on both VPN units.
IPsec tunnel established, no traffic
Check that the networks, between which the traffic should be sent, are allowed to use the IPsec tunnel.
Check that there is a rule to let this traffic through. Check that the rule uses a proper network, service, IPsec peer
and time class.
IPsec tunnel established, no traffic after some time
Check that the key lifetime for the ISAKMP key is the same for both VPN units.
Check that the key lifetime for the IPsec key is the same for both VPN units.
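The parameter checks above can be run mechanically once the settings of both VPN units have been written down. The following is an added example, not part of the original manual or of any 3Com software; the dictionary field names and sample values are hypothetical, and it assumes preshared secrets are used rather than certificates.

```python
import hmac
from ipaddress import ip_network

ACCEPTED_CIPHERS = {"3DES", "AES"}  # algorithms the manual says the module accepts
NO_TUNNEL = "No IPsec tunnel established"
STALLS = "IPsec tunnel established, no traffic after some time"

def nets(peer):
    # Normalise so 10.0.1.0/24 and 10.0.1.0/255.255.255.0 compare equal.
    return {ip_network(n, strict=False) for n in peer["tunnel_networks"]}

def compare_peers(module, other):
    """Return (symptom, finding) pairs; an empty list means no mismatch found."""
    findings = []
    if not hmac.compare_digest(module["psk"].encode(), other["psk"].encode()):
        findings.append((NO_TUNNEL, "preshared secrets differ"))
    if not other["pfs"]:
        findings.append((NO_TUNNEL, "other end does not use PFS"))
    if other["cipher"].upper() not in ACCEPTED_CIPHERS:
        findings.append((NO_TUNNEL, f"cipher {other['cipher']} is not 3DES or AES"))
    if nets(module) != nets(other):
        diff = sorted(map(str, nets(module) ^ nets(other)))
        findings.append((NO_TUNNEL, "tunnel networks differ: " + ", ".join(diff)))
    # Lifetime mismatches let the tunnel come up and then stall at rekey time.
    for key in ("isakmp_lifetime_s", "ipsec_lifetime_s"):
        if module[key] != other[key]:
            findings.append((STALLS, f"{key}: {module[key]} vs {other[key]}"))
    return findings

# Constructed sample settings (field names are hypothetical, not the module's own).
MODULE = {"psk": "example-secret-A", "pfs": True, "cipher": "AES",
          "tunnel_networks": ["10.0.1.0/24", "192.168.5.0/24"],
          "isakmp_lifetime_s": 3600, "ipsec_lifetime_s": 28800}
OTHER = {"psk": "example-secret-A", "pfs": False, "cipher": "DES",
         "tunnel_networks": ["10.0.1.0/255.255.255.0", "192.168.6.0/24"],
         "isakmp_lifetime_s": 3600, "ipsec_lifetime_s": 3600}

if __name__ == "__main__":
    for symptom, finding in compare_peers(MODULE, OTHER):
        print(f"{symptom}: {finding}")
```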
Administration troubleshooting
This section describes problems that can arise when administering the Telecommuting Module.
The Telecommuting Module reverts to the old version when trying to upgrade
Check the release note for new error checks, which will make some part of your configuration invalid with the
new software version.