TMS zl Management and Configuration Guide ST.1.1.100226

10-99
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
Figure 10-23. IKE Firewall Access Policies for a GRE over IPsec Tunnel
Figure 10-23 illustrates a GRE over IPsec VPN and displays the correct
access policies. Note that this example features the External zone for the
VPN gateway. Your configuration might be different.
If you are missing any of these access policies, add them now. You might
also try configuring policies that permit this traffic to and from each zone
and the Self zone (in case you have mistaken the remote gateway’s zone).
Figure 10-23 (diagram contents)

Topology
    Internal zone: Local VLAN 10.1.0.0/16
    External zone: Internet VLAN 172.16.1.0/24; Module = 172.16.1.254
    Zone1: Tunnel interface
    GRE over IPsec across the Internet to the remote gateway 172.16.24.1
    Remote network: 10.2.0.0/16

Access policies
    External to Self
        Permit gre 172.16.24.1 172.16.1.254
    Self to External
        Permit gre 172.16.1.254 172.16.24.1
    Internal to Zone 1
        Permit any 10.1.0.0/16 10.2.0.0/16
    Zone1 to Internal
        Permit any 10.2.0.0/16 10.1.0.0/16
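
One way to check a configuration for the policies shown in Figure 10-23, as an added example that is not part of the guide or the module's software. It assumes the policies have been written out by hand in the figure's notation (one "<from zone> to <to zone>: Permit <service> <source> <destination>" line each, addresses numeric); it does not model rule order or deny rules, and all function names are hypothetical.

```python
import ipaddress

# Constructed sample: policies written out by hand in the figure's notation,
# "<from zone> to <to zone>: Permit <service> <source> <destination>".
SAMPLE = """\
External to Self: Permit gre 172.16.24.1 172.16.1.254
Internal to Zone1: Permit any 10.1.0.0/16 10.2.0.0/16
Zone1 to Internal: Permit any 10.0.0.0/8 10.1.0.0/16
"""

def required_policies(local_gw, remote_gw, local_net, remote_net,
                      gw_zone="External", tunnel_zone="Zone1", lan_zone="Internal"):
    """The four policies of Figure 10-23 for a given topology."""
    return [
        (gw_zone, "Self", "gre", remote_gw, local_gw),
        ("Self", gw_zone, "gre", local_gw, remote_gw),
        (lan_zone, tunnel_zone, "any", local_net, remote_net),
        (tunnel_zone, lan_zone, "any", remote_net, local_net),
    ]

def parse_policies(text):
    """Return (from_zone, to_zone, service, src, dst) for each Permit line."""
    rules = []
    for line in text.strip().splitlines():
        zones, rule = line.split(":", 1)
        from_zone, to_zone = (z.strip() for z in zones.split(" to ", 1))
        action, service, src, dst = rule.split()
        if action.lower() == "permit":
            rules.append((from_zone, to_zone, service.lower(), src, dst))
    return rules

def covers(rule, need):
    """True if a permit rule matches the needed zones, service and addresses."""
    net = lambda addr: ipaddress.ip_network(addr, strict=False)
    return (rule[:2] == need[:2]
            and rule[2] in (need[2], "any")
            and net(need[3]).subnet_of(net(rule[3]))
            and net(need[4]).subnet_of(net(rule[4])))

def missing_policies(text, needed):
    """Needed policies that no configured permit rule covers."""
    rules = parse_policies(text)
    return [n for n in needed if not any(covers(r, n) for r in rules)]

NEEDED = required_policies("172.16.1.254", "172.16.24.1", "10.1.0.0/16", "10.2.0.0/16")

if __name__ == "__main__":
    for p in missing_policies(SAMPLE, NEEDED):
        print("missing: %s to %s: Permit %s %s %s" % p)
```

If the remote gateway is reached through a zone other than External, pass that zone as gw_zone to required_policies and rerun the check.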