TMS zl Management and Configuration Guide ST.1.0.090213

D-56
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
VPN Troubleshooting Tools
Throughout the troubleshooting process, you can check the TMS zl Module’s
logs for clues about what is causing the problem. See “Filter for Logs Relevant
to the VPN” on page D-56.
For more detailed information, you can access the TMS zl Module’s CLI and
use the capture command. See “Use the CLI capture Command to Troubleshoot
the VPN” on page D-56.
From time to time, you must clear IKE security associations (SAs) and IP
security (IPsec) tunnels so that you can see whether your changes have fixed
the problem. See “Clear IKE SAs and IPsec Tunnels” on page D-57 to learn how.
Filter for Logs Relevant to the VPN. To view logs in the TMS zl Module’s
Web browser interface, select System > Logging > View Log.
The following filters are useful for troubleshooting an IPsec VPN:
  Destination IP is [A.B.C.D] (local VPN gateway)
  Keyword is:
    id=vpn_
    dstport=500 (IKE)
    dstport=1723 (PPTP)
    dstport=1701 (L2TP)
    id=fw
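An offline equivalent of these filters for log text exported from the module, as an added example that is not from the guide. The key=value layout, the `dst=` field name, the full `id=` values and the sample lines are constructed assumptions; port keywords are anchored so that `dstport=500` does not also match `dstport=5000`.

```python
import re
from collections import Counter

# Keyword filters from the list above, each with a short label.
KEYWORDS = {"id=vpn_": "vpn", "dstport=500": "ike", "dstport=1723": "pptp",
            "dstport=1701": "l2tp", "id=fw": "firewall"}

def _pattern(keyword):
    # Assumption: id= keywords are prefixes of a longer id value, while
    # dstport= keywords must match the whole port number.
    tail = r"\S*" if keyword.startswith("id=") else r"(?!\d)"
    return re.compile(r"(?<!\S)" + re.escape(keyword) + tail)

PATTERNS = {label: _pattern(kw) for kw, label in KEYWORDS.items()}

def match_filters(line, gateway_ip=None):
    """Return the labels of every keyword filter the line matches.

    If gateway_ip is given, lines not destined to it are skipped
    (the "Destination IP is" filter; dst= is an assumed field name).
    """
    if gateway_ip is not None:
        dst = r"(?<!\S)dst=" + re.escape(gateway_ip) + r"(?!\d)"
        if not re.search(dst, line):
            return []
    return [label for label, pat in PATTERNS.items() if pat.search(line)]

def summarize(lines, gateway_ip=None):
    """Count matching lines per filter label."""
    counts = Counter()
    for line in lines:
        counts.update(match_filters(line, gateway_ip))
    return dict(counts)

# Constructed sample lines, not real TMS zl Module output.
SAMPLE = [
    "id=fw_access src=198.51.100.7 dst=192.0.2.1 dstport=500 msg=deny",
    "id=vpn_ike src=198.51.100.7 dst=192.0.2.1 dstport=500 msg=phase1",
    "id=fw_access src=198.51.100.9 dst=192.0.2.1 dstport=5000 msg=deny",
    "id=fw_access src=198.51.100.9 dst=192.0.2.1 dstport=1723 msg=allow",
    "id=vpn_l2tp src=198.51.100.9 dst=192.0.2.10 dstport=1701 msg=start",
    "id=system msg=config_saved",
]

if __name__ == "__main__":
    for label, n in sorted(summarize(SAMPLE, "192.0.2.1").items()):
        print(f"{label:10s} {n}")
```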
Use the CLI capture Command to Troubleshoot the VPN. To enter this
command, access the TMS zl Module’s CLI from the host switch using this
command:
hostswitch(config)# services <slot_id> 2
Use the following command to display IKE messages (messages related to the
establishment of the VPN tunnel):
hostswitch(tms-modules-C)# capture terminal vlan<id> dp 500 ip udp
Note: To view more of the log message, configure your terminal program to show
more than 80 columns.