TMS zl Management and Configuration Guide ST.1.1.100226

10-55

Troubleshooting

Troubleshooting the TMS zl Module in Routing Mode

Troubleshooting VPNs

The following sections help you to troubleshoot a VPN connection. The first

section, “VPN Troubleshooting Tools” on page 10-55, provides you with some

basic troubleshooting tools. Other sections provide a process for trouble-

shooting particular types of VPN connections:

■ “Troubleshooting a Client-to-Site IPsec VPN” on page 10-57

■ “Troubleshooting a Client-to-Site L2TP over IPsec VPN” on page 10-69

■ “Troubleshoot a Site-to-Site IPsec VPN” on page 10-83

■ “Troubleshoot a GRE over IPsec Tunnel” on page 10-97

Often troubleshooting a VPN requires careful work checking settings on one

side of the connection against settings on the other. The sections listed above

include several tables intended to help you do so.

VPN Troubleshooting Tools

Throughout the troubleshooting process, you can check the TMS zl Module’s

logs for clues about what is causing the problem. See “Filter for Logs Relevant

to the VPN” on page 10-55.

For more detailed information, you can access the TMS zl Module’s CLI and

use the capture command. See “Use the CLI capture Command to Troubleshoot

the VPN” on page 10-56.

From time to time, you must clear IKE security associations (SA) and IP

security (IPsec) tunnels so that you can see whether your changes have fixed

the problem. See “Clear IKE SAs and IPsec Tunnels” on page 10-57 to learn

how.

Filter for Logs Relevant to the VPN . To view logs in the TMS zl Module’s

Web browser interface, select System > Logging > View Log.

The following filters are useful for troubleshooting an IPsec VPN:

■ Destination IP is [A.B.C.D] (local VPN gateway)

■ Keyword is:

• id=vpn_

• dstport=500 (IKE)

• dstport=1723 (PPTP)

• dstport=1701 (L2TP)

• id=fw