Manualshelf

TMS zl Management and Configuration Guide ST.1.0.090213

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
1011101210131014101510161017101810191020
D-55
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
Troubleshooting Problems with Downloading the IDS/IPS
Signatures
After you register your IDS/IPS signature subscription, you should be able to
download the latest signatures from the HP ProCurve Networking update
server. For step-by-step instructions on downloading these signatures, see
“Download Signatures” in Chapter 6: “Intrusion Detection and Prevention.”
If the TMS zl Module is unable to download the signatures correctly, use the
error message you receive to troubleshoot and resolve the problem. For
example, if you receive the error message, “Unable to resolve domain name,”
you should check the module’s DNS settings.
Depending on the error message you receive, you should check the following:
The IDS/IPS subscription license is still valid.
The appropriate access policy exists to allow the download:
Direct connection—The access policy permits HTTPS from Self to
the zone associated with Internet access.
Proxy connection—The access policy permits traffic using the proxy
port from Self to the zone that includes the proxy server.
DNS is configured correctly, so that the TMS zl Module can resolve
tmsupdate.procurve.com or the proxy server.
The appropriate access policy exists to allow DNS traffic between the
TMS zl Module (Self) and the DNS server’s zone.
Troubleshooting VPNs
The following sections help you to troubleshoot a VPN connection. The first
section, “VPN Troubleshooting Tools” on page D-56, provides you with some
basic troubleshooting tools. Other sections provide a process for trouble-
shooting particular types of VPN connections:
“Troubleshooting a Client-to-Site IPsec VPN” on page D-58
“Troubleshooting a Client-to-Site L2TP over IPsec VPN” on page D-71
“Troubleshoot a Site-to-Site IPsec VPN” on page D-85
“Troubleshoot a GRE over IPsec Tunnel” on page D-99
Often troubleshooting a VPN requires careful work checking settings on one
side of the connection against settings on the other. The sections listed above
include several tables intended to help you do so.