TMS zl Management and Configuration Guide ST.1.1.100226

Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
Troubleshoot a Site-to-Site IPsec VPN
This section outlines a process for troubleshooting a failed site-to-site IPsec
VPN.
Set up a Test Device. As you troubleshoot the VPN, you must periodically
attempt to establish the VPN to determine whether you have fixed the problem.
To test the site-to-site connection, you must attempt to send allowed
traffic over the VPN from a local endpoint to a remote endpoint. It is a good
idea to set up a test endpoint to send this traffic:
1. Connect the endpoint to a port on the host switch.
2. Assign the switch port to a VLAN on which the module receives traffic
from local devices (local addresses in the IPsec policy traffic selector).
3. Assign the endpoint an IP address in the subnet associated with this VLAN
and configure the TMS zl Module as its default gateway.
4. Attempt to send traffic that should be selected for the site-to-site VPN.
If the traffic selector allows any protocol, you can simply ping a remote
device. Otherwise, attempt to initiate a session of the type permitted over
the VPN.
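
The following pre-flight check is an added example, not part of the original guide or of the TMS zl Module's software. It verifies that a planned test endpoint satisfies steps 2 through 4 before any traffic is sent. The TrafficSelector fields, the function names and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class TrafficSelector:
    """Constructed model of an IPsec policy traffic selector (field names are assumptions)."""
    local: str                  # local addresses, CIDR notation
    remote: str                 # remote addresses, CIDR notation
    protocol: str = "any"       # "any", "icmp", "tcp" or "udp"
    port: Optional[int] = None  # destination port, if the selector restricts it


def preflight(sel, endpoint_ip, endpoint_gw, module_ip, target_ip) -> List[str]:
    """Return the reasons the planned test traffic would not be selected for the VPN."""
    problems = []
    if ipaddress.ip_address(endpoint_ip) not in ipaddress.ip_network(sel.local):
        problems.append(f"endpoint {endpoint_ip} is outside local selector {sel.local}")
    if ipaddress.ip_address(target_ip) not in ipaddress.ip_network(sel.remote):
        problems.append(f"target {target_ip} is outside remote selector {sel.remote}")
    if ipaddress.ip_address(endpoint_gw) != ipaddress.ip_address(module_ip):
        problems.append(f"default gateway {endpoint_gw} is not the module ({module_ip})")
    return problems


def choose_probe(sel, target_ip) -> str:
    """Pick the test from step 4: ping when any protocol is allowed, else a matching session."""
    proto = sel.protocol.lower()
    if proto in ("any", "icmp"):
        return f"ping {target_ip}"
    if sel.port is None:
        return f"open a {proto} session to {target_ip} (any port)"
    return f"open a {proto} session to {target_ip} port {sel.port}"


if __name__ == "__main__":
    # Constructed sample values; substitute the addresses from your own IPsec policy.
    sel = TrafficSelector(local="10.1.10.0/24", remote="10.2.20.0/24", protocol="tcp", port=443)
    for issue in preflight(sel, "10.1.11.5", "10.1.10.254", "10.1.10.1", "10.2.20.7"):
        print("FIX:", issue)
    print("TEST:", choose_probe(sel, "10.2.20.7"))
```

An empty result from preflight means the endpoint addressing matches the selector, so a failed test points at the VPN itself rather than at the test setup.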
View VPN Connections. The next step in troubleshooting the VPN is determining
where the connection has failed. You can view VPN connections in the
VPN > Connections > VPN Connections window of the TMS zl Module’s Web
browser interface.