TMS zl Management and Configuration Guide ST.1.0.090213
D-59
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
If the VPN connection comes up and the test client can successfully send
traffic across it, then you should look for problems such as these:
■ The TMS zl Module and the actual remote clients cannot reach each other.
Check the module’s routes and verify that it has a route to the remote
clients (which may not be directly connected to a TMS VLAN as the test
client is).
■ The firewall access policies do not permit NAT-T traffic.
A device that is between the TMS zl Module and the remote clients may
perform NAT on the clients’ traffic, which can interfere with the VPN. The
module supports NAT-T to deal with this problem, but you must allow
NAT-T traffic through the firewall. Configure access policies that allow
the ipsec-nat-t-udp service between the remote clients and the TMS zl
Module.
If the test client experiences the same problem as the remote clients, you must
continue troubleshooting the connection as described in the sections that
follow.
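One way to confirm from a packet capture whether NAT-T traffic is passing between the remote clients and the module, as an added example that is not part of the original guide. It assumes the standard NAT-T framing on UDP port 4500 (RFC 3948), which the guide does not spell out; the function names, addresses and payload bytes are hypothetical and constructed.

```python
import struct
from collections import Counter

NAT_T_PORT = 4500  # assumption: standard NAT-T UDP port (RFC 3948), not stated in the guide

def classify_nat_t(payload: bytes) -> str:
    """Classify one UDP/4500 payload using RFC 3948 framing."""
    if payload == b"\xff":
        return "nat-keepalive"            # single 0xFF byte keeps the NAT mapping alive
    if len(payload) < 8:
        return "malformed"
    if payload[:4] == b"\x00" * 4:        # non-ESP marker precedes every IKE message
        return "ike" if len(payload) >= 4 + 28 else "malformed"  # 28-byte IKE header
    return "esp-in-udp"                   # nonzero SPI followed by a sequence number

def nat_t_verdict(packets, module_ip):
    """packets: (src, dst, sport, dport, payload) tuples from a capture near the module."""
    seen = Counter()
    for src, dst, sport, dport, payload in packets:
        if NAT_T_PORT not in (sport, dport):
            continue                      # not NAT-T traffic
        direction = "in" if dst == module_ip else "out" if src == module_ip else None
        if direction:
            seen[(direction, classify_nat_t(payload))] += 1
    if not any(d == "in" for d, _ in seen):
        return "no-inbound", seen         # NAT-T never reaches the module: check access policies
    if not any(d == "out" for d, _ in seen):
        return "no-reply", seen           # module does not answer, or its replies are dropped
    if seen[("in", "esp-in-udp")] and seen[("out", "esp-in-udp")]:
        return "esp-both-ways", seen      # encapsulated tunnel traffic flows in both directions
    return "esp-not-both-ways", seen      # IKE passes, but tunnel data is missing one way

# Constructed sample: addresses, ports and payload bytes are made up for illustration.
MODULE, CLIENT = "10.1.1.1", "203.0.113.7"
IKE = b"\x00" * 4 + bytes(28)
ESP = struct.pack("!II", 0x1000, 1) + bytes(16)
SAMPLE = [
    (CLIENT, MODULE, 51000, 4500, IKE),
    (MODULE, CLIENT, 4500, 51000, IKE),
    (CLIENT, MODULE, 51000, 4500, ESP),
    (CLIENT, MODULE, 51000, 4500, b"\xff"),
]

if __name__ == "__main__":
    verdict, counts = nat_t_verdict(SAMPLE, MODULE)
    print(verdict, dict(counts))
```

A "no-inbound" verdict on a capture taken at the module points to the access policies or to a device between the clients and the module.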
View VPN Connections. The first step in troubleshooting a VPN is determining
where the connection fails. You can view VPN connections in the
VPN > IPsec > VPN Connections window of the TMS zl Module’s Web browser
interface, as shown in Figure D-12.