TMS zl Management and Configuration Guide ST.1.1.100430

Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
5. Attempt to initiate a VPN connection.
If the VPN connection comes up and the test client can successfully send
traffic across it, then you should look for problems such as the following:
- The TMS zl Module and the actual remote clients cannot reach each other.
  Check the module’s routes and verify that it has a route to the remote clients
  (which may not be directly connected to a TMS VLAN as the test client is).
- The firewall access policies do not permit NAT-T traffic.
  A device between the TMS zl Module and the remote clients may perform
  NAT on the clients’ traffic, which can interfere with the VPN. The module
  supports NAT-T to deal with this problem, but you must allow NAT-T traffic
  through the firewall. Configure access policies that allow traffic with the
  ipsec-nat-t-udp service between the remote clients and the TMS zl Module.
If the test client experiences the same problem as the remote clients, you must
troubleshoot the connection as described in the sections that follow.
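To confirm whether NAT-T traffic is actually passing, the following added example (not from this guide) classifies UDP datagrams captured on the test client and reports where the exchange stops. It assumes that ipsec-nat-t-udp corresponds to the standard NAT-T port, UDP 4500, with the framing defined in RFC 3948; the packet tuple layout, function names and sample capture are constructed for illustration.

```python
from collections import Counter

IKE_PORT, NAT_T_PORT = 500, 4500  # UDP ports: IKE, and IKE/ESP NAT traversal (RFC 3947/3948)

def classify(sport, dport, payload):
    """Name the IPsec traffic type carried by one UDP datagram."""
    if NAT_T_PORT in (sport, dport):
        if payload == b"\xff":
            return "nat-keepalive"          # 1-byte keepalive, RFC 3948
        if len(payload) < 4:
            return "malformed"
        if payload[:4] == b"\x00" * 4:
            return "ike-nat-t"              # non-ESP marker, then an IKE header
        return "esp-in-udp"                 # first 4 bytes are a non-zero SPI
    if IKE_PORT in (sport, dport):
        return "ike"
    return "other"

def summarize(packets):
    """Count traffic types per direction; packets are (direction, sport, dport, payload)."""
    counts = Counter()
    for direction, sport, dport, payload in packets:
        counts[(direction, classify(sport, dport, payload))] += 1
    return counts

def diagnose(packets):
    """Return a hint about where NAT-T traffic stops, from the client's point of view."""
    c = summarize(packets)
    sent = c[("out", "ike-nat-t")] + c[("out", "esp-in-udp")]
    recv = c[("in", "ike-nat-t")] + c[("in", "esp-in-udp")]
    if sent and not recv:
        return "NAT-T sent but unanswered: check access policies for ipsec-nat-t-udp"
    if c[("out", "ike")] and not c[("in", "ike")]:
        return "IKE on UDP 500 unanswered: check routes to the module"
    if sent and recv:
        return "NAT-T traffic passes in both directions"
    return "no NAT-T traffic seen in this capture"

# Constructed sample: client behind NAT, replies on UDP 4500 never arrive.
SAMPLE = [
    ("out", 500, 500, b"\x11" * 28),
    ("in", 500, 500, b"\x22" * 28),
    ("out", 4500, 4500, b"\x00\x00\x00\x00" + b"\x11" * 28),
    ("out", 4500, 4500, b"\x00\x00\x00\x00" + b"\x11" * 28),
    ("out", 4500, 4500, b"\xff"),
]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```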
View VPN Connections.
The first step in troubleshooting a VPN is determining where the connection
fails. You can view VPN connections in the VPN > Connections > VPN Connections
window of the TMS zl Module’s Web browser interface.