Troubleshooting Guide for Firepass Sslvpn

Troubleshooting guide for firepass sslvpn

Manual

September 2005 -- Version 1.0

Contents

1 Overview Error! Bookmark not defined.

2 Occuring Problems Error! Bookmark not defined.

Troubleshooting guide for firepass sslvpn

Occurring Problems

1 Overview

General Description

This document serves as a troubleshooting guide for common Firepass SSLVPN issues. It is listed in FAQ format; indexed for easy access.

Supported Platforms: All features on SAP machines with Windows 2000/XP. WTS can be used with non-SAP machines. Other operating systems including all other Windows platforms (ex. 9x, Millenium, NT) are supported on customer machines for demo purposes with limited functionality.

2 Occurring Problems

I am able to log into the connect.sap.com login page, but when I click to dial the SSLVPN or a terminal Server in My Terminal Servers, it does not connect and often produces the error: Could not connect to "VPN Server" or "Terminal Server." In order to troubleshoot this connection issue, please use the following steps.

1. Make sure you run Windows 2000 or XP SAP Images with a version of Internet Explorer later than 5.x.

2. Make you are logged in with Administrative Privileges on the machines.

3. Make sure the browser security settings allow the downloading and running of Active X controls. Go to "Tools" > "Internet Options" > "Security" tab > click on the Internet Icon > click on custom level. Then with every Active X reference listed, make sure it is set to either "enable" or "prompt." Then click "OK."

4. Make sure the user proxy settings are correct

a. For cable modems and non-proxy environments, only have "Use automatic configuration script" checked with the address "http://proxy:8083" inserted. All other settings should be unchecked (see userguide).

b. For use at customer sites, the customer proxy settings should be inserted in the browser.

5. Make sure the user is not running pop-up killer software.

6. Check to see if the user is running a personal firewall (you may want to disable the personal firewall to continue your troubleshooting).

I get disconnected with the error "Route table has changed, this presents a security violation" after running my script to change the routing table so I can either print locally, or connect to machines on my local network.

This is by design. Adding a route to bridge the SAP Network with another network is known as split tunneling and is prohibited by the network security policy in SAPNet. In this case please re-connect.

I get dropped from Firepass after 1 hour of inactivity.

This is by design. There is a network inactivity timer that is reset after a sustained traffic flow of < 600bytes of data over a 1 minute average. When this data rate is achieved, the timer is reset for another hour. This threshold is an attempt to balance security and usability.

stand alone client.

The Stand alone client relies on the internet explorer browser settings for making connections the the selected gateway (ie Walldorf or Philadelphia) If your internet Explorer is set to offline (file>work offline) the stand alone client will give an error message.

Error: The download of the specified resource has failed.

To correct the problem you will have to open Internet explorer, go to File>and make sure there is not a check next to work offline. Close the Stand alone client and reopen.