TMS zl Management and Configuration Guide ST.1.1.100430
10-83
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
Troubleshoot IPsec Settings for a Client-to-Site L2TP over IPsec
VPN. This section includes tips for troubleshooting IPsec settings.
It is best practice to clear the IKE SA and attempt to re-establish the VPN
connection after making each change. Then re-evaluate the connection:
■ If the traffic can reach its destination, you can stop troubleshooting.
■ If the traffic cannot reach its destination but the IPsec tunnel and the
client’s VPN connection both come up, continue with “Troubleshoot
Access Policies for a Client-to-Site L2TP over IPsec VPN” on page 10-93.
■ If the traffic cannot reach its destination and the client’s VPN connection
fails, but the IPsec tunnel comes up, continue with “Troubleshoot L2TP
Local Settings” on page 10-84.
■ If the IPsec tunnel does not come up, continue with the next tip.
1. Sometimes the IPsec traffic selector is correct enough to allow IKE
to initiate but not to allow the IPsec tunnel to complete.
The selector must be configured exactly as follows:
• Protocol = UDP
• Local Address = the TMS zl Module’s reachable IP address (the same
one that is specified for the local gateway address in the IKE policy)
• Local Port = 1701
• Remote Address = Any
• Remote Port = 1701
Note: If you cannot find the misconfiguration, check all network objects used in
IPsec policies and verify that they are up-to-date and accurate.
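The selector requirements in tip 1 can be checked mechanically against the IKE policy's local gateway address. The following is an added example, not part of this guide or the module's software; the dictionary field names and the sample addresses are assumptions, since the guide shows no export format.

```python
import ipaddress

L2TP_PORT = 1701  # local and remote port required by the selector in tip 1

def _is_udp(value):
    # Exports may show the protocol by name or by IP protocol number (17).
    return str(value).strip().lower() in ("udp", "17")

def _is_any(value):
    # "Any" may appear as a keyword or as an all-zero network.
    return str(value).strip().lower() in ("any", "0.0.0.0/0")

def check_l2tp_selector(selector, ike_local_gateway):
    """Return a list of deviations from the required L2TP traffic selector."""
    gateway = ipaddress.ip_address(ike_local_gateway)
    problems = []
    if not _is_udp(selector.get("protocol", "")):
        problems.append("protocol must be UDP")
    local = str(selector.get("local_address", "")).strip()
    try:
        net = ipaddress.ip_network(local, strict=False)
    except ValueError:
        problems.append("local address %r is not an IP address" % local)
    else:
        if net.num_addresses != 1:
            problems.append("local address must be one host, not a network")
        elif net.network_address != gateway:
            problems.append("local address differs from IKE local gateway %s" % gateway)
    for field in ("local_port", "remote_port"):
        if str(selector.get(field, "")).strip() != str(L2TP_PORT):
            problems.append("%s must be %d" % (field, L2TP_PORT))
    if not _is_any(selector.get("remote_address", "")):
        problems.append("remote address must be Any")
    return problems

# Constructed sample data (documentation addresses, not from the guide).
IKE_LOCAL_GATEWAY = "192.0.2.1"
GOOD = {"protocol": "UDP", "local_address": "192.0.2.1", "local_port": 1701,
        "remote_address": "Any", "remote_port": 1701}
STALE = {"protocol": "udp", "local_address": "192.0.2.10", "local_port": 1701,
         "remote_address": "any", "remote_port": "any"}

if __name__ == "__main__":
    for name, sel in (("GOOD", GOOD), ("STALE", STALE)):
        print(name, check_l2tp_selector(sel, IKE_LOCAL_GATEWAY) or "OK")
```

The STALE sample models a network object that no longer matches the IKE local gateway address, the case the note above asks you to look for.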
2. Check the IPsec security settings.
To establish the IPsec tunnel, the TMS zl Module and the remote clients
must agree on a number of settings.
You must set the Encapsulation Mode in the module’s IPsec proposal to
Transport. Configure the settings for one of the proposals displayed in
Table 10-14.