
Network Troubleshooting tools on VMware UAG

When setting up the Unified Access Gateway (UAG) for the first time you might run into network issues, or you might need to prove to your network team that a port is not open.

The troubleshooting options include five tools available from the UAG console (ping, nslookup, tracepath, curl, and tcpdump). Another tool that can help is Wireshark, run on your Connection Servers or VDI desktops.

Using nslookup to check DNS:

First, make sure DNS is working by running the nslookup command from the UAG console. Test the following items:

  1. Connection Server FQDN
  2. Load-balanced VIP for the internal Connection Servers
  3. Your External URL, which should also resolve on public DNS.

Using Ping to troubleshoot UAG network issues:

Next, check basic network connectivity by running the ping command from the UAG console. Test the following items:

  1. Ping each internal connection server
  2. Ping the load balanced VIP for Internal connection servers.
  3. Ping one of each of your desktops per subnet.

Using curl to test TCP ports between the UAG and the internal network:

Next, check whether TCP ports are open between the UAG and the Connection Server / desktop. Use the following commands, inserting the target host name in the URL:

  1. curl -v -k http://:443
  2. curl -v -k http://:443
  3. curl -v -k http://:2443
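Added example, not part of the original post: a POSIX shell script that runs the curl port checks above in a loop and interprets curl's exit code, so a failure that happens after the TCP handshake (a TLS or HTTP error, because plain http:// was sent to a TLS port) is still reported as an open port, while a timeout or refusal points at the firewall. The host names and ports are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the original post. Repeatable form of the
# "curl -v -k http://<host>:<port>" checks run from the UAG console.
# Host names below are constructed placeholders: substitute your
# Connection Server FQDN, the internal load balancer VIP and one desktop per subnet.

# Interpret a curl exit code for a pure TCP reachability test. A failure
# that happens after the TCP handshake (TLS or HTTP error because we sent
# plain http:// to a TLS port) still proves the port is open.
classify_curl_exit() {
  case "$1" in
    0|8|35|52|56) echo "open" ;;         # TCP connected; upper layer may have complained
    6)            echo "dns-failure" ;;  # name did not resolve: re-run nslookup
    7)            echo "refused" ;;      # RST or unreachable: service down or firewall reject
    28)           echo "timeout" ;;      # no SYN/ACK: typical of a silent firewall drop
    *)            echo "unknown($1)" ;;
  esac
}

# Probe one host:port the way the console commands do, with a bounded
# connect timeout so a dropped SYN does not hang the loop.
# Returns 0 only when the TCP handshake completed.
check_tcp_port() {
  host="$1"; port="$2"
  out=$(curl -v -k -s --connect-timeout 5 -o /dev/null "http://${host}:${port}/" 2>&1)
  verdict=$(classify_curl_exit "$?")
  # curl's verbose "* Connected to ..." line is the definitive TCP evidence.
  if printf '%s\n' "$out" | grep -q '^\* Connected to '; then
    verdict="open"
  fi
  printf '%s:%s %s\n' "$host" "$port" "$verdict"
  [ "$verdict" = "open" ]
}

# Constructed targets (host:port): 443 for Connection Servers / VIP, 22443 for Blast to a desktop.
TARGETS="cs01.corp.example:443 cs-vip.corp.example:443 vdi01.corp.example:22443"

run_all_checks() {
  failed=0
  for target in $TARGETS; do
    check_tcp_port "${target%:*}" "${target##*:}" || failed=$((failed + 1))
  done
  echo "failed checks: $failed"
  return "$failed"
}

# Run only when invoked directly with --run (so the file can also be sourced).
if [ "${1:-}" = "--run" ]; then run_all_checks; fi
```

Run it from the UAG console as `sh uag-port-check.sh --run`; a non-zero exit status is the number of targets whose TCP handshake did not complete.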

Using tcpdump to test UDP ports between the UAG and the internal network:

After working on an issue I learned from VMware support that you can install tcpdump on a UAG. This seems to be included in the UAG 3.2 version. After logging into the console of the UAG, run /etc/vmware/gss-support/install.sh at the command line.

The commands below assume that only one NIC has been configured on the UAG; if you are using more than one NIC, change eth0 to the correct interface.

Run the following command to test the port 443 connection between an external client and the UAG.
tcpdump -i eth0 -v tcp port 443

Run the following command to test the port 8443 connection between an external client and the UAG.
tcpdump -i eth0 -v udp port 8443

Run the following to test the UDP 22443 connection between the UAG and a desktop.
tcpdump -i eth0 -v udp port 22443

If UDP is blocked, run the following to check whether the traffic has failed over to TCP.
tcpdump -i eth0 -v tcp port 22443

Using tracepath to trace the route of network hops between the UAG and internal network resources:

  1. tracepath "Connection Server FQDN"
  2. tracepath "VDI FQDN"

Lastly, you can use Wireshark to check connectivity from the desktop or Connection Server. Load Wireshark on the Connection Server or desktop and run a capture from there.
