TMS zl Management and Configuration Guide ST.1.1.100430

10-84
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
Table 10-14. IPsec Security Settings Proposed by Windows XP Clients
In the module’s IPsec policy, disable Perfect Forward Secrecy (PFS) and
set the lifetime to the default settings.
Troubleshoot L2TP Local Settings. If the VPN > Connections > VPN Connections
window on the TMS zl Module shows that the IPsec tunnel is up but
the VPN connection on the remote client still fails, the L2TP connection is
failing. (Sometimes the IPsec tunnel is deleted soon after the L2TP connection
fails. Therefore, you should also check the TMS zl Module log messages for a
message about a successful establishment of the IPsec SA.)
The following troubleshooting steps are for a VPN in which clients authenticate
to the TMS zl Module (move to the next section if your clients authenticate
to a RADIUS server):
1. Verify that the Windows client's VPN connection uses the type of authentication
specified for the L2TP user on the TMS zl Module:
a. In the TMS zl Module’s Web browser interface, select Network >
Authentication > L2TP Users.
b. Edit the L2TP dial-in user account that the test client uses to log in.
c. Note the setting for Authentication Protocol.
You might try changing the setting to Any to determine whether this
solves the problem.
d. Also note the username and password.
e. Click Next and check the IP address settings. The User IP Address must
be on the same subnet as the Server IP Address, and this subnet must
be reserved for the L2TP tunnels (not configured on any TMS VLANs).
f. On the Windows client, open the Network Connections window.
g. Right-click the VPN connection to the TMS zl Module and select
Properties.
Proposal  Protocol  Encryption Algorithm  Authentication Algorithm
1         ESP       3DES                  SHA-1
2         ESP       3DES                  MD5
3         ESP       DES                   SHA-1
4         ESP       DES                   MD5
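The IP address rule in step 1e can be checked offline before you change anything on the module. The following is an added example, not code from this guide or from the TMS zl Module: the function name, the input format, and the use of a prefix length on the Server IP Address are assumptions, and the addresses are constructed sample values.

```python
import ipaddress


def check_l2tp_addressing(server_if, user_ips, vlan_subnets):
    """Return a list of problems; an empty list means the addressing rule holds.

    server_if    -- L2TP Server IP Address with prefix length, e.g. "10.99.0.1/24"
    user_ips     -- {username: User IP Address} for the L2TP dial-in users
    vlan_subnets -- subnets configured on TMS VLANs, e.g. ["10.1.10.0/24"]
    """
    problems = []
    server = ipaddress.ip_interface(server_if)
    l2tp_net = server.network

    # The L2TP subnet must be reserved: it may not overlap any TMS VLAN subnet,
    # whether that VLAN is identical to it, contains it, or sits inside it.
    for vlan in vlan_subnets:
        vlan_net = ipaddress.ip_network(vlan, strict=False)
        if vlan_net.version == l2tp_net.version and l2tp_net.overlaps(vlan_net):
            problems.append(f"L2TP subnet {l2tp_net} overlaps VLAN subnet {vlan_net}")

    seen = {}  # address -> first user that claimed it
    for user, ip_text in user_ips.items():
        ip = ipaddress.ip_address(ip_text)
        if ip not in l2tp_net:
            problems.append(f"{user}: User IP {ip} is outside Server subnet {l2tp_net}")
        # Extra sanity checks, not stated in the guide: address collisions.
        elif ip == server.ip:
            problems.append(f"{user}: User IP {ip} is the same as the Server IP")
        elif ip in seen:
            problems.append(f"{user}: User IP {ip} is already assigned to {seen[ip]}")
        seen.setdefault(ip, user)
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real module configuration.
    for line in check_l2tp_addressing(
        "10.99.0.1/24",
        {"alice": "10.99.0.10", "bob": "10.1.10.20"},
        ["10.1.10.0/24", "10.99.0.0/16"],
    ):
        print(line)
```

With the sample values, the check reports the /16 VLAN that contains the L2TP subnet and the user whose address lies on a VLAN subnet instead of the L2TP subnet.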