TMS zl Management and Configuration Guide ST.1.1.100226

10-67
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
If you do not want to enter the capture command and view the output, try these
tips in this order. (Use the Web browser interface to check these settings.)
1. Check the IPsec traffic selector, which is configured in the IPsec policy:
The protocol, local addresses, and local ports (if configured) must match
exactly the protocol, addresses, and ports configured for the remote
network on the remote client.
The module's remote addresses, on the other hand, must match the
addresses configured for the IKE mode config pool within this IPsec
policy.
Note If you cannot find the misconfiguration, check all network and service
objects used in IPsec policies and verify that they are up-to-date and
accurate.
Caution As you make any changes to the traffic selector, verify that the selector
does not match management traffic (traffic from your management station
to the TMS zl Module). If it does, you will lock yourself out of the
module.
In addition, the local address must not include the local gateway address.
If necessary, create Bypass IPsec policies to exclude module IP addresses
from the VPN. See “Configure Bypass and Deny IPsec Policies” on page
7-352 and Chapter 7: “Virtual Private Networks.”
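The step 1 checks can also be run as a script against values copied from the Web browser interface. This is an added example, not part of the guide or the module's software. The dictionary layout, function names, and sample addresses are assumptions, and the lockout check compares addresses only, in either direction.

```python
import ipaddress as ip

def nets(specs):
    """Parse a list of CIDR strings into a set of network objects."""
    return {ip.ip_network(s) for s in specs}

def contains(networks, addr):
    """True if addr falls inside any of the networks."""
    a = ip.ip_address(addr)
    return any(a in n for n in networks)

def check_selector(module, client, pool, gateway, mgmt_station, module_ip):
    """Return a list of findings for the step 1 checks; empty means all pass."""
    findings = []
    local, remote = nets(module["local"]), nets(module["remote"])
    # Protocol, local addresses and local ports must equal the client's remote side.
    for key, peer_key in (("protocol", "protocol"), ("local_ports", "remote_ports")):
        if module[key] != client[peer_key]:
            findings.append(f"{key} {module[key]!r} != client {peer_key} {client[peer_key]!r}")
    if local != nets(client["remote"]):
        findings.append("local addresses differ from client's remote network")
    # Module remote addresses must equal the IKE mode config pool.
    if remote != nets(pool):
        findings.append("remote addresses differ from IKE mode config pool")
    # Local addresses must not include the local gateway address.
    if contains(local, gateway):
        findings.append(f"local addresses include local gateway {gateway}")
    # Lockout check (addresses only, either direction: a conservative assumption).
    if (contains(local, module_ip) and contains(remote, mgmt_station)) or \
       (contains(remote, module_ip) and contains(local, mgmt_station)):
        findings.append("selector matches management traffic to the module")
    return findings

# Constructed sample values (documentation address ranges), not from the guide.
GOOD_MODULE = {"protocol": "any", "local": ["192.0.2.0/25"], "local_ports": None,
               "remote": ["198.51.100.0/24"]}
CLIENT = {"protocol": "any", "remote": ["192.0.2.0/25"], "remote_ports": None}
POOL = ["198.51.100.0/24"]
BAD_MODULE = dict(GOOD_MODULE, local=["192.0.2.0/24"], remote=["0.0.0.0/0"])

def demo():
    args = dict(client=CLIENT, pool=POOL, gateway="192.0.2.129",
                mgmt_station="203.0.113.10", module_ip="192.0.2.130")
    return check_selector(GOOD_MODULE, **args), check_selector(BAD_MODULE, **args)

if __name__ == "__main__":
    for label, result in zip(("good", "bad"), demo()):
        print(label, result or "OK")
```

A finding from the lockout check is a candidate for a Bypass IPsec policy before the selector change is applied.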
2. Check the IPsec security settings.
To establish the IPsec tunnel, the TMS zl Module and the remote clients
must agree on a number of settings. Table 10-10 displays those settings
and how they should match up between the module and the remote