TMS zl Management and Configuration Guide ST.1.1.100226
10-60
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
Table 10-7. IKE capture Messages
If you do not want to activate the capture command, simply try these tips in
order:
1. Verify that the firewall access policies allow IKE to complete.
Access policies must permit IKE traffic between the TMS zl Module and
the remote clients. You should also create access policies that permit NAT-
T traffic in case an intervening NAT device translates the clients’ or the
module’s IP address.
Example capture Messages Problem Begin Troubleshooting
No messages The module is not receiving or
not accepting the remote
client’s IKE messages.
Step 1 on page 10-60
IP tms1.isakmp > tms2.isakmp: isakmp: phase 1
I ident
IP tms2.isakmp > tms1.isakmp: isakmp: phase 1
R inf
The module and the remote
client’s IKE security settings do
not match.
Step 7 on page 10-63
IP tms1.isakmp > tms2.isakmp: isakmp: phase 1
I ident
IP tms2.isakmp > tms1.isakmp: isakmp: phase 1
R ident
IP tms1.isakmp > tms2.isakmp: isakmp: phase 1
I ident
IP tms2.isakmp > tms1.isakmp: isakmp: phase 1
R ident
IP tms1.isakmp > tms2.isakmp: isakmp: phase 1
I ident[E]
IP tms2.isakmp > tms1.isakmp: isakmp: phase 1
R ident[E]
IP tms1.isakmp > tms2.isakmp: isakmp: phase
2/others I inf[E]
IKE authentication fails:
• The local or remote ID are
incorrect.
• The preshared key is
miskeyed.
• Certificates are
misconfigured (see step 9
on page 10-64).
Step 7 on page 10-63