TMS zl Management and Configuration Guide ST.1.1.100430
10-78
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
Note: These policies must be configured for the None user group.
Figure 10-14. IKE Firewall Access Policies for a Client-to-Site L2TP VPN
Figure 10-14 illustrates a client-to-site L2TP over IPsec VPN and displays
the correct access policies.
In this example, access policies use the Self and External zones. You
should always use the Self zone, but your policies might require a different
zone from External. Use the zone that includes the VLAN on which your
TMS zl Module receives traffic from the remote endpoints. If the remote
endpoints are in multiple zones, you must create access policies to and
from each zone.
If you are missing any of these access policies, add them now.
Access policies (Figure 10-14)
Zones             Action   Service           Source         Destination
External to Self  Permit   isakmp            Any            172.16.1.254
External to Self  Permit   ipsec-nat-t       Any            172.16.1.254
External to Self  Permit   l2tp-udp          Any            172.16.1.254
Self to External  Permit   isakmp            172.16.1.254   Any
Self to External  Permit   ipsec-nat-t       172.16.1.254   Any
Self to External  Permit   l2tp-udp (1701)   172.16.1.254   Any
[Figure 10-14 diagram: Internal zone with Server VLAN 10.1.30.0/24; TMS zl Module at 172.16.1.254 on the Internet VLAN 172.16.1.0/24 in the External zone; L2TP over IPsec tunnel across the Internet to the remote client. Drawn on ProCurve Gig-T/SFP zl Module (J8705A) switches.]
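As an added example (not the guide's or the module's own code), the following Python script checks a list of configured access policies against the set of permits Figure 10-14 requires, for one or several zones that hold remote endpoints, and reports what is missing; the Policy tuple, the zone names and the sample policy list are assumptions modelled on the figure, not the module's configuration syntax.

```python
# Added example, not from the HP TMS zl guide: audit firewall access policies
# against the permits Figure 10-14 requires for a client-to-site L2TP over
# IPsec VPN. The Policy tuple and zone names are assumptions modelled on the
# figure, not the module's own configuration syntax.
from typing import Iterable, List, NamedTuple, Set

class Policy(NamedTuple):
    action: str     # "Permit" or "Deny"
    service: str    # isakmp, ipsec-nat-t, l2tp-udp, ...
    src_zone: str   # zone the traffic enters from
    dst_zone: str   # zone the traffic is destined to
    src: str        # source address or "Any"
    dst: str        # destination address or "Any"

# The three services the guide lists: IKE, IPsec NAT traversal and L2TP.
VPN_SERVICES = ("isakmp", "ipsec-nat-t", "l2tp-udp")

def normalize(p: Policy) -> Policy:
    """Case-fold all fields except zone names so 'any' and 'Any' compare equal."""
    return Policy(p.action.lower(), p.service.lower(), p.src_zone,
                  p.dst_zone, p.src.lower(), p.dst.lower())

def required_policies(module_ip: str, remote_zones: Iterable[str],
                      self_zone: str = "Self") -> Set[Policy]:
    """Permits the guide expects: per service, one policy from the remote
    endpoints' zone to Self and one back, repeated for every zone that holds
    remote endpoints (the guide says each such zone needs its own pair)."""
    need: Set[Policy] = set()
    for zone in remote_zones:
        for svc in VPN_SERVICES:
            need.add(normalize(Policy("Permit", svc, zone, self_zone, "Any", module_ip)))
            need.add(normalize(Policy("Permit", svc, self_zone, zone, module_ip, "Any")))
    return need

def missing_policies(configured: Iterable[Policy], module_ip: str,
                     remote_zones: Iterable[str], self_zone: str = "Self") -> List[Policy]:
    """Required permits that no configured permit matches, sorted for a report."""
    have = {normalize(p) for p in configured if p.action.lower() == "permit"}
    return sorted(required_policies(module_ip, remote_zones, self_zone) - have)

# Constructed sample: the figure's six policies with the outbound l2tp-udp
# permit left out, the kind of gap the guide's "add them now" step catches.
CONFIGURED = [
    Policy("Permit", "isakmp", "External", "Self", "Any", "172.16.1.254"),
    Policy("Permit", "ipsec-nat-t", "External", "Self", "Any", "172.16.1.254"),
    Policy("Permit", "l2tp-udp", "External", "Self", "Any", "172.16.1.254"),
    Policy("Permit", "isakmp", "Self", "External", "172.16.1.254", "Any"),
    Policy("Permit", "ipsec-nat-t", "Self", "External", "172.16.1.254", "Any"),
]
```

Passing a second zone name (for example a DMZ holding other remote endpoints) makes the check demand the full inbound and outbound set for that zone as well, matching the guide's rule for endpoints spread over multiple zones.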