TMS zl Management and Configuration Guide ST.1.0.090213
D-92
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
3. Check routes in the Network > Routing > Static Routes window and verify
that the correct routes are in place.
In a site-to-site VPN, the TMS zl Module must have a route to:
• The endpoints behind the remote gateway
• The remote gateway
If the module uses a default route to reach the remote gateway, that route
suffices for the remote endpoints as well. However, when the TMS zl
Module has a specific route to the remote VPN gateway, you must add a
route to the remote network beyond the gateway. Use the same next-hop
as the route to the remote gateway, as shown in Figure D-23.
Figure D-23. Routes for a Site-to-Site VPN
4. Check the IPsec policy, and verify that it uses the IKE policy that you
configured for the site-to-site connection. Also verify that the traffic
selector is configured correctly. The protocol, local address, local port (if
any), remote address, and remote port (if any) must match the traffic that
you are attempting to send from the test client.
Note Check all network objects used in the IPsec policy and verify that they are
up-to-date and accurate.
Routes
172.16.24.0/24 through 172.16.1.1
192.168.5.0/24 through 172.16.1.1
Internal zone
External zone
Server VLAN
10.1.30.0/24
Internet
VLAN
172.16.1.0/24
Module =
172.16.1.254
zl
ProCurve
Gig-T/SFP
zl Module
J8705A
PoE-Integrated 10/100/1000Base-T Ports (1-24) - Ports are IEEE Auto MDI/MDI-X
15
62
3
4
711
128
9
10
13 17
1814
15
16
19
20
23
24
21
22
Use ProCurve
mini-GBICs
and SFPs only
zl
ProCurve
Gig-T/SFP
zl Module
J8705A
PoE-Integrated 10/100/1000Base-T Ports (1-24) - Ports are IEEE Auto MDI/MDI-X
15
62
3
4
711
128
9
10
13 17
1814
15
16
19
20
23
24
21
22
Use ProCurve
mini-GBICs
and SFPs only
Internet
VPN gateway
172.16.24.253
Remote
network
192.168.5.0/24
IPsec connection