Manualshelf

TMS zl Management and Configuration Guide ST.1.0.090213

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
1011101210131014101510161017101810191020
D-58
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
Clear IKE and IPsec SAs on the TMS zl Module.
Follow these steps to clear SAs from the module’s Web browser interface:
a. Select VPN > IPsec > VPN Connections.
b. Click the Flush link next to the IKE SA or IPsec tunnel that you want
to clear.
Clear a VPN connection on the client.
If you are troubleshooting a client-to-site VPN, you might need to clear
the VPN connection from the client’s side.
For example, to clear the connection on an HP ProCurve VPN client, right-
click the ProCurve VPN icon in the system tray and select Disconnect >
<My Connection>. Alternately, right-click the ProCurve VPN icon and select
Reload Security Policy.
Troubleshooting a Client-to-Site IPsec VPN
The sections that follow outline a process and provide tips for troubleshooting
a client-to-site VPN that uses the IPsec protocol.
Set up a Test Client. As you troubleshoot the VPN, you must periodically
check various settings on the remote client and try to re-initiate the connec-
tion. It is a good idea to create a test client for this purpose:
1. Connect the endpoint to a port on the host switch.
2. Assign the switch port to the VLAN on which module receives traffic from
remote clients (this is also the forwarding VLAN in the route to these
clients).
For example, if the remote clients connect through the Internet, you
should assign the switch port to the VLAN on which the TMS zl Module
connects to the Internet router.
3. Assign the endpoint an IP address in the subnet associated with this VLAN
and configure the TMS zl Module as its default gateway.
4. On the test client, configure the same VPN settings that are used by your
remote users.
5. Attempt to initiate a VPN connection.