TMS zl Management and Configuration Guide ST.1.1.100430
10-53
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
4. Create or modify the permanent access policy based on the connectivity
information provided by the logs. If IPS is enabled and you see log
messages that indicate packets were dropped because IPS detected a
problem, see “Troubleshooting IPS” on page 10-54.
5. When you have fixed the problem, remove the temporary access policy
that you created to troubleshoot the problem.
Troubleshooting NAT
If you suspect that a connectivity issue is related to NAT, complete following
steps:
1. Verify the NAT configuration by completing one of the following:
• From the TMS zl Module’s Web browser interface, click
Firewall > NAT
Policies > Policies
.
• From the TMS zl Module’s CLI, enter:
hostswitch (tms-module-C)# show nat
2. Make sure the appropriate access policy has been configured.
• From the TMS zl Module’s Web browser interface, click
Firewall >
Access Policies > Unicast
.
• From the TMS zl Module’s CLI, enter:
hostswitch (tms-module-C)# show access-policy
3. Use the show connections command to verify that addresses are translated
as you expect them to be.
• Check the NAT policies in the Firewall > NAT Policies > Policies window
to ensure that they are configured correctly.
• For destination NAT, verify that an access policy to the Self zone
permits the traffic selected for NAT.
4. Ensure that other network routers have the correct routing information
to route the packets.
The following are commonly asked questions about the TMS zl Module’s NAT
functionality:
■ How does multicast NAT work on the TMS zl Module?
The TMS zl Module does not support NAT with multicast traffic. When
you configure a NAT policy, the TMS zl Module will not apply that policy
to any multicast traffic.