Troubleshooting VPN test failures

VPN test failures

The Skytap VPN Test tool uses a multi-phase test process. If you have multiple test failures, troubleshoot them in the order listed below.

| If this stage fails… | It means… | Try this… |
|---|---|---|
| Phase 1 | The IP addresses are incorrect, or one or more of the Phase 1 parameters listed on the Skytap VPN details page don’t match the VPN device you’re connecting to. | Verify the IP addresses and the parameters for the VPN device. |
| Phase 2 | The VPN was unable to establish a VPN tunnel to the test subnet. Phase 2 parameters don’t match the VPN device you’re connecting to. | Verify the parameters for the VPN device. |
| Ping Remote Address | The VPN was able to negotiate the tunnel, but was unable to receive a response to the ping test. The remote target is unable to respond due to a firewall within the guest operating system or there is a routing failure on the remote side. | Verify that the remote target has no routing failures or blocking firewall rules. Check if the VPN is configured to block ICMP ping connections. |
| Connect To Remote Port | The VPN tunnel was successfully created and pinged, but the specific port did not respond. | Verify that the port is open and that no firewall rules block this connection. |

Tips

  • You can also review the logs from your VPN device for more details. Your device should provide meaningful logging for why the connection from the Skytap VPN endpoint was refused (or if the request to initiate a connection was received at all).
  • For a copy of the corresponding logs from the Skytap VPN endpoint, contact support@skytap.com.

For more information, see Creating a VPN connection to your Skytap account.

Connectivity issues

If there is no active VPN connection at all:

  • Make sure the Skytap VPN is attached to a Skytap environment network.
  • Make sure the attached Skytap environment has at least one running VM.

If your VPN connection occasionally drops, try the following troubleshooting steps:

  • Review your SA key lifetimes to make sure they match.
  • Confirm Phase 1 DPD is enabled on both endpoints or disabled on both endpoints; the endpoints must match. We recommend enabling Phase 1 DPD on both endpoints.

    Skytap doesn’t support third-party Phase 2 DPD; if your corporate endpoint uses Phase 2 DPD, we recommend that you disable it.

  • Confirm that the Skytap SA policy level matches your VPN endpoint.
  • Review the logs on your VPN device for additional information. You can also contact Skytap Support (support@skytap.com) for a copy of the corresponding VPN logs from Skytap.

Poor performance

If you experience poor performance over an active VPN tunnel, try the following troubleshooting steps:

  • Test your bandwidth to make sure you have a good connection to the region your VM resides in. See Testing bandwidth and latency with Speedtest.
  • If you suspect you’re observing file fragmentation, set a maximum segment size (MSS) between 1300 and 1400 on both VPN endpoints.
  • Perform basic network tests over the VPN to identify issues over the public Internet or with your ISP. For more information, see Troubleshooting network performance issues. You can also review your packet captures.

Inconsistent performance over different subnets

If you can pass traffic over one subnet but not all subnets, this may be caused by an unmatched SA policy level.
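
The matching checks from the connectivity, performance, and subnet sections above, gathered into one audit as an added example (not Skytap's code or tooling). The `Endpoint` field names, the `audit` function, and the sample values are assumptions made for illustration; fill them in from the Skytap VPN details page and your own device's configuration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Endpoint:
    """One side of the tunnel. Field names are hypothetical, not a Skytap schema."""
    name: str
    p1_lifetime_s: int         # Phase 1 SA key lifetime, seconds
    p2_lifetime_s: int         # Phase 2 SA key lifetime, seconds
    p1_dpd: bool               # Phase 1 dead peer detection enabled
    p2_dpd: bool               # Phase 2 DPD enabled
    sa_policy_level: str       # compared as an opaque string
    mss: Optional[int] = None  # configured maximum segment size, if any

def audit(skytap: Endpoint, remote: Endpoint) -> List[Tuple[str, str]]:
    """Return (code, message) findings for the mismatches the page lists."""
    out = []
    for code, attr, label in (("P1_LIFETIME", "p1_lifetime_s", "Phase 1"),
                              ("P2_LIFETIME", "p2_lifetime_s", "Phase 2")):
        a, b = getattr(skytap, attr), getattr(remote, attr)
        if a != b:
            out.append((code, f"{label} SA lifetime differs: {a}s vs {b}s"))
    if skytap.p1_dpd != remote.p1_dpd:
        out.append(("P1_DPD_MISMATCH", "Phase 1 DPD is on at one endpoint only"))
    elif not skytap.p1_dpd:
        out.append(("P1_DPD_OFF", "Phase 1 DPD matches but is off; enabling it on both is recommended"))
    if remote.p2_dpd:
        out.append(("P2_DPD_REMOTE", "Remote endpoint uses Phase 2 DPD, which Skytap doesn't support"))
    if skytap.sa_policy_level != remote.sa_policy_level:
        out.append(("SA_POLICY", "SA policy level differs; can cause drops or traffic on only some subnets"))
    # MSS only matters when fragmentation is suspected; reported as advisory.
    for ep in (skytap, remote):
        if ep.mss is None or not 1300 <= ep.mss <= 1400:
            out.append(("MSS", f"{ep.name}: MSS {ep.mss} is outside 1300-1400"))
    return out

# Constructed sample values, not taken from any real configuration.
SKYTAP = Endpoint("skytap", 28800, 3600, True, False, "policy-a", 1360)
REMOTE = Endpoint("corp-fw", 86400, 3600, False, True, "policy-b", None)

if __name__ == "__main__":
    for code, msg in audit(SKYTAP, REMOTE):
        print(f"[{code}] {msg}")
```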