TMS zl Management and Configuration Guide ST.1.0.090213
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
Analyze the capture Messages More Closely. Follow these steps to analyze the establishment of the VPN connection in more detail:
1. Enter this command to copy the packet trace for IKE messages to a file:
hostswitch(tms-modules-C)# capture file vlan<id> dp 500 ip udp
Note: If you want to capture all packets, you can do so by ending the command
after vlan<id>. However, best practice is to copy as few packets as
necessary.
2. Copy the packet trace file to a TFTP, FTP, or Secure Copy (SCP) server.
Use one of the following commands:
hostswitch(tms-modules-C)# copy pcap tftp <destination server IP address> <destination filename>
hostswitch(tms-modules-C)# copy pcap <ftp | scp> <destination server IP address> <destination filename> user <username>
3. Copy the file from the server to your management station. Open the packet
trace file in a network protocol analyzer such as Wireshark to examine
the packet contents and trace the tunnel negotiation.
Note: If the packet trace does not give enough detailed information, you can try
setting the VPN key exchange mode to aggressive (in both the module’s and
the client’s IKE policy). Aggressive mode transmits more data in plain text
than main mode does. This can make it easier to identify mismatches in the
configuration.
The sections for troubleshooting specific types of VPN connections contain
more information to help you interpret the capture messages.
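The negotiation in the copied trace can also be summarized with a short script before opening it in an analyzer. This is an added example, not part of the original guide or the module's software: it assumes the copied file is a classic libpcap capture with Ethernet framing, and the function name ike_messages, the addresses and the sample capture are constructed for illustration.

```python
import struct

EXCHANGES = {2: "Main Mode", 4: "Aggressive", 5: "Informational", 32: "Quick Mode"}
NOTIFY = {14: "NO-PROPOSAL-CHOSEN", 18: "INVALID-ID-INFORMATION",
          24: "AUTHENTICATION-FAILED"}

def ike_messages(pcap):
    """Summarize each IKEv1 (UDP 500) message in a classic Ethernet pcap."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic pcap file")
    out, pos = [], 24                                   # 24-byte global header
    while pos + 16 <= len(pcap):
        incl = struct.unpack_from(order + "I", pcap, pos + 8)[0]
        frame, pos = pcap[pos + 16:pos + 16 + incl], pos + 16 + incl
        l3 = 18 if frame[12:14] == b"\x81\x00" else 14  # skip an 802.1Q tag
        if frame[l3 - 2:l3] != b"\x08\x00" or len(frame) < l3 + 20:
            continue                                    # not IPv4
        udp = l3 + (frame[l3] & 0x0F) * 4
        if frame[l3 + 9] != 17 or len(frame) < udp + 36:
            continue                                    # not UDP, or no ISAKMP header
        if 500 not in struct.unpack_from("!HH", frame, udp):
            continue
        ike = frame[udp + 8:]
        nxt, _ver, xchg, flags = struct.unpack_from("!4B", ike, 16)
        msg = {"src": ".".join(map(str, frame[l3 + 12:l3 + 16])),
               "exchange": EXCHANGES.get(xchg, str(xchg)),
               "responder_cookie": any(ike[8:16]),      # all zero in message 1
               "encrypted": bool(flags & 1), "notify": None}
        if nxt == 11 and not msg["encrypted"] and len(ike) >= 40:
            code = struct.unpack_from("!H", ike, 38)[0] # Notify Message Type
            msg["notify"] = NOTIFY.get(code, str(code))
        out.append(msg)
    return out

# Constructed sample: a Main Mode proposal answered by a cleartext notify.
def _record(src, dst, rcky, nxt, xchg, body):
    ike = (b"\x11" * 8 + rcky
           + struct.pack("!4BII", nxt, 0x10, xchg, 0, 0, 28 + len(body)) + body)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(ike), 0, 0, 64, 17, 0,
                     bytes(src), bytes(dst))
    udp = struct.pack("!4H", 500, 500, 8 + len(ike), 0)
    frame = bytes(12) + b"\x08\x00" + ip + udp + ike
    return struct.pack("<4I", 0, 0, len(frame), len(frame)) + frame

SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _record([192, 0, 2, 10], [192, 0, 2, 1], bytes(8), 1, 2, bytes(8))
          + _record([192, 0, 2, 1], [192, 0, 2, 10], b"\x22" * 8, 11, 5,
                    struct.pack("!BBHIBBH", 0, 0, 12, 1, 1, 0, 14)))
```

To run it on a real trace, pass the file's bytes to ike_messages. A first Main Mode message answered by an unencrypted Informational message carrying NO-PROPOSAL-CHOSEN means the two peers' IKE proposals do not match.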
Clear IKE SAs and IPsec Tunnels. During the course of troubleshooting,
you might need to clear IKE SAs or IPsec tunnels to force the connection to
re-establish itself with the new settings.