Testing a WAN
After you create a VPN connection or Private Nework Connection with ExpressRoute, test it with the Skytap WAN Test tool.
Before you begin
- If the WAN connection is enabled in Skytap, disable it.
- Enable your remote WAN.
- Enabling logging on the remote WAN to capture any potential error messages.
Test the WAN
To test the WAN
- Click Test.
-
Enter an IP address and remote port number from a machine on one of the included remote subnets. Ideally, enter the IP address of a machine that can respond to pings.
If you don’t provide a remote port, Skytap tests the WAN, but skips the TCP port connectivity test.
- Click Test Connection.
- Skytap performs up to four connectivity tests and displays the results. If Phase 1 and Phase 2 pass, the WAN is properly configured and you should continue to Further VPN testing with Skytap environments. If Phase 1 and Phase 2 fail, see Troubleshooting VPN test failures.
Further WAN testing with Skytap environments
To check that traffic can flow between both local and remote subnets, use a VM to test the various protocols you want to use over the WAN (for example, ping, remote desktop, SSH, SMB):
- Click Enable to begin sending traffic through the WAN.
- Connect a Skytap environment to the VPN.
- Test each protocol with a running machine on one of the included remote subnets. For example, to perform a ping test from Skytap to the machine on the remote network, access the VM command line, and type
ping
followed by the IP address on the other side of the VPN. You can also ping by hostname if you have an active DNS server as part of your WAN. If the test is successful, a series of replies indicating that packets were sent and received displays.
Test results and meaning
If the tests pass, the WAN is ready to use. If the tests fail, this can indicate several issues including:
- The network routing isn’t properly configured. Review network firewall logs to confirm traffic and routes.
- The VM operating system firewall is blocking traffic. Many Skytap VMs have their firewalls enabled by default; temporarily disable the firewall before continuing, or allow an ICMP echo function through the firewall.
- The service itself may not be responsive. Check if the service is functional by accessing it locally or within the same network.
For more information, see Troubleshooting VPN issues.