Manualshelf

TMS zl Management and Configuration Guide ST.1.1.100430

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
1151115211531154115511561157115811591160
10-59
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
Troubleshooting VPNs
The following sections help you to troubleshoot a VPN connection. The first
section, “VPN Troubleshooting Tools” on page 10-59, provides you with some
basic troubleshooting tools. Other sections provide a process for trouble-
shooting particular types of VPN connections:
“Troubleshooting a Client-to-Site IPsec VPN” on page 10-61
“Troubleshooting a Client-to-Site L2TP over IPsec VPN” on page 10-73
“Troubleshoot a Site-to-Site IPsec VPN” on page 10-94
“Troubleshoot a GRE over IPsec Tunnel” on page 10-108
Often troubleshooting a VPN requires careful work checking settings on one
side of the connection against settings on the other. The sections listed above
include several tables intended to help you do so.
VPN Troubleshooting Tools
Throughout the troubleshooting process, you can check the TMS zl Modules
logs for clues about what is causing the problem. See “Filter for Logs Relevant
to the VPN” on page 10-59.
For more detailed information, you can access the TMS zl Module’s CLI and
use the capture command. See “Use the CLI capture Command to Troubleshoot
the VPN” on page 10-60.
From time to time, you must clear IKE security associations (SA) and IP
security (IPsec) tunnels so that you can see whether your changes have fixed
the problem. See “Clear IKE SAs and IPsec Tunnels” on page 10-61 to learn
how.
Filter for Logs Relevant to the VPN. While you are troubleshooting the
VPN, you should lower the severity for events that are logged. In the TMS zl
Module’s Web browser interface, select System > Logging > Settings. For Log
Severity, select Information and click Apply My Settings.
Caution Logging all events at the information level and above can affect the module’s
performance. Only use this setting when you are troubleshooting.
When you have reproduced your problem and want to view log messages, click
View Log System > Logging > View Log.
The following filters are useful for troubleshooting an IPsec VPN:
Destination IP is [A.B.C.D] (local VPN gateway)