Q: Will Katana allow me to have multiple VPN tunnels active simultaneously?
A. Yes, you can have multiple VPN tunnels active at the same time as long as the tunnels do not have overlapping subnets. (The only exception is that one tunnel can use 0/0 as the remote subnet.)
Q: Will Katana allow me to surf the Internet while connected to the VPN?
A. Yes, you can surf the Internet while connected to the VPN as long as none of the active tunnels uses 0/0 as the subnet for the remote site.
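The two rules above (no overlapping remote subnets, at most one 0/0 tunnel, and no Internet access while a 0/0 tunnel is active) can be checked before tunnels are activated. The following is an added example, not Katana code; the tunnel names, the dictionary input format and the sample subnets are constructed assumptions, and only IPv4 is handled.

```python
import ipaddress
from itertools import combinations

DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def parse_subnet(text):
    """Parse a remote subnet; accepts the FAQ's "0/0" shorthand."""
    text = text.strip()
    if text == "0/0":
        return DEFAULT
    # strict=False tolerates host bits, e.g. 192.168.1.10/24
    return ipaddress.ip_network(text, strict=False)

def check_tunnels(tunnels):
    """Return (conflicts, internet_ok) for {tunnel name: remote subnet}.

    conflicts lists pairs of tunnels that cannot be active together.
    internet_ok is False when any tunnel uses 0/0 as its remote subnet.
    """
    nets = {name: parse_subnet(cidr) for name, cidr in tunnels.items()}
    catch_all = sorted(n for n, net in nets.items() if net == DEFAULT)
    specific = sorted(n for n in nets if n not in catch_all)
    conflicts = []
    # The exception covers one 0/0 tunnel only.
    if len(catch_all) > 1:
        conflicts.append(("multiple 0/0", tuple(catch_all)))
    # Every other pair of remote subnets must be disjoint.
    for a, b in combinations(specific, 2):
        if nets[a].overlaps(nets[b]):
            conflicts.append(("overlap", (a, b)))
    return conflicts, not catch_all

# Constructed sample: "branch" sits inside "hq", and "all" routes everything.
SAMPLE = {
    "hq": "10.1.0.0/16",
    "branch": "10.1.4.0/24",
    "lab": "192.168.50.0/24",
    "all": "0/0",
}

if __name__ == "__main__":
    conflicts, internet_ok = check_tunnels(SAMPLE)
    for kind, names in conflicts:
        print(f"{kind}: {', '.join(names)}")
    print("Internet access outside the VPN:", "yes" if internet_ok else "no")
```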
Q: Will OmniVPN allow me to view network shares?
A. Yes, you can view all the network shares in your VPN if you turn on the "Allow network shares between LANs" option in the IP Security Policies window.
Q: I cannot access the Internet.
A. This typically happens if the local address of the default gateway router is not in the proxy list. It can also happen if there is a local WINS or DNS server, and OmniVPN is not installed on it, or it is not in the proxy list. Add the IP address of the default gateway router and the local WINS or DNS server, if any, to the proxy list on the local OmniVPN policy server.
If your OmniVPN gateway is behind a cable modem or DSL modem that gives you a routable IP address, then you must add your subnet in the IP Security Policies window on the OmniVPN Top Policy Server computer. You can obtain your subnet by running "ipconfig" in a Command Prompt window.
Another possibility is that you may have denied svchost.exe access to the network. Choose the "Local IDS policy" item from the Window menu and delete the rule for svchost.exe. Then restart the computer. After the computer starts, you will again be prompted to allow or deny network access to svchost.exe.
Q: I cannot access my network drives.
A. After you install OmniVPN, computers communicate with each other securely. If you have not installed OmniVPN on other computers or have not defined the security policy correctly, you will not be able to access the network drives.
If OmniVPN is installed on the machine you are trying to access, check the security policy and access control rules on the policy server. Also, if you are using Windows XP, avoid using a NetGear network interface card (NIC) because there is a bug in the NetGear software that prevents OmniVPN from working correctly.
If OmniVPN is not installed on the machine you are trying to access, make sure that the IP address of that machine is in the proxy list on the local OmniVPN policy server.
Q: I cannot log onto my domain.
A. If you are not able to log onto the domain, then you must have changed the network access permission for lsass.exe and winlogon.exe. Log on to the local machine, add rules to allow lsass.exe and winlogon.exe to get client/server access on all ports, and then try logging onto the domain.
Q: I am not able to share drives and files on my local network over the VPN.
A. In the IP Security Policies window, confirm that the "Allow network shares between LANs" option at the bottom of the window is checked.
Q: I am not able to ping a computer that is part of my LAN/VPN.
A. Choose the "Global IP firewall policies" item from the Window menu. In the "Allow the following ICMP messages" list, check the "Echo" box and make the changes active.
Q: Internet connection sharing is not working on my machine after I installed Katana/OmniVPN client.
A. For Internet connection sharing to work, you must install Katana/OmniVPN as a gateway/Policy server.
Q: NetMeeting is not working properly.
A. The first thing to try is to stop and restart NetMeeting. The problem occurs because NetMeeting randomly chooses a new port every time it makes a connection and sometimes this port may be a blocked Trojan port listed in the Global IP Firewall blocked port list. If this does not work, check that each local VPN gateway is in the DMZ of its NAT.
Q: OmniVPN is not working when the computer is out of the office.
A. The reason for this could be:
- Incorrect mode. OmniVPN must be in "remote client" mode. Click the "Role" button in the Configuration window.
- Incorrect IP address of the policy server with which to register.
- The security policy between the remote client subnet and the subnet of the remote site may not be set for secure communication.
Q: How do I enable the intrusion detection/prevention system (IDS) on my machine?
A. Click the "Flashlight" icon in the Configuration window to enable/disable IDS.
Q: I have set up a VPN gateway. Local computers can ping the gateway, and I can connect to the Internet from the gateway, but computers behind the gateway cannot connect to the Internet.
A. Check that the VPN gateway has been configured to perform NAT.
Q: My default policy is to allow all traffic. When I send traffic on a port that is not in the blocked port list, why is the packet still dropped?
A. This occurs when the port is included in the Global IP Firewall blocked port list. OmniVPN will automatically block all traffic from/to such ports even if the default rule is to allow all traffic. If you are sure that the application you are using is safe, you can remove its port from the blocked port list, and the application will work.
Q: I am away from my office and my laptop has been configured to connect back. How can I talk to computers on the local subnet?
A. If your VPN configuration is done correctly, all you need to do is to click on the "Lock" icon in the Configuration window. If the lock icon is closed and green, your VPN is active. An open, red lock icon signifies that there are no VPN connections, which allows your computer to connect to other computers on the local subnet. Machines on the local subnet can connect to you only if the current subnet is in the trusted subnet list.
Q: I have set up a Katana / OmniVPN gateway with a dynamic IP address. How do I set up a VPN connection?
A. For an OmniVPN site-to-site VPN, the network topology is built automatically, so you do not have to do anything.
For a Katana site-to-site VPN, add a global route for each VPN gateway in the "VPN topology" window. Enter the dynamic DNS name of each gateway and the subnet behind that gateway in the route entry.
For a Katana remote access VPN, you must first resolve the dynamic DNS name of the Katana gateway and then enter that IP address in the remote "Public IP address" field of the tunnel configuration.