TMS zl Management and Configuration Guide ST.1.1.100430

Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
2. Check NAT policies and look for interference.
The module applies NAT before it selects traffic for the VPN. Therefore,
it might translate the source address of traffic that should be sent over the
VPN to an address that is not specified in the IPsec traffic selector—
preventing the connection from initiating. If you have implemented NAT
on the TMS zl Module, you should make sure that NAT does not interfere
with the VPN:
a. Check the traffic selector in the IPsec policy (see the VPN > IPsec >
IPsec Policies window).
In this example, the traffic selector is 192.168.3.0/24 to 192.168.5.0/24.
Figure 10-21. View VPN Selector
b. View NAT policies in the Firewall > NAT > NAT Policies window. Look
for a source NAT policy that applies to the traffic that should be
selected for the VPN. Often the NAT policy specifies more general
addresses that include the VPN traffic—as you see in Figure 10-22.
Figure 10-22. View NAT Policies
c. When you see such a policy, you must create a higher-priority NAT
exclusion policy. This policy should specify exactly the same traffic
that is configured in the IPsec policy traffic selector, and its setting
for Translate should be None.
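The check in steps a through c can also be run offline against an exported or hand-copied policy list. The following is an added example, not code from this guide or from the TMS zl Module. The NatPolicy fields, the rule that a lower priority number is evaluated first, and the sample policies (including the 192.168.0.0/16 source range and the 203.0.113.1 translated address) are assumptions constructed for illustration. Only the traffic selector comes from the example above.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class NatPolicy:
    priority: int              # assumed model: lower number is evaluated first
    source: str                # source addresses, CIDR notation
    destination: str           # destination addresses, CIDR notation
    translate: Optional[str]   # None models Translate = None (NAT exclusion)


def net(cidr: str):
    return ipaddress.ip_network(cidr)


def find_nat_interference(sel_src: str, sel_dst: str,
                          policies: List[NatPolicy]) -> List[NatPolicy]:
    """Return source NAT policies that would translate traffic matching the
    IPsec traffic selector before a NAT exclusion covers that traffic."""
    src, dst = net(sel_src), net(sel_dst)
    findings = []
    for p in sorted(policies, key=lambda pol: pol.priority):
        p_src, p_dst = net(p.source), net(p.destination)
        if not (p_src.overlaps(src) and p_dst.overlaps(dst)):
            continue                      # policy never sees selector traffic
        if p.translate is None:
            if src.subnet_of(p_src) and dst.subnet_of(p_dst):
                break                     # whole selector excluded from here on
            continue                      # partial exclusion: keep checking
        findings.append(p)                # translation happens before the VPN
    return findings


# Traffic selector from the example in step a.
SEL_SRC, SEL_DST = "192.168.3.0/24", "192.168.5.0/24"

# Constructed sample policies (not taken from Figure 10-22).
GENERAL_NAT = NatPolicy(10, "192.168.0.0/16", "0.0.0.0/0", "203.0.113.1")
EXCLUSION = NatPolicy(5, SEL_SRC, SEL_DST, None)
LATE_EXCLUSION = NatPolicy(20, SEL_SRC, SEL_DST, None)

if __name__ == "__main__":
    for name, pols in [("no exclusion", [GENERAL_NAT]),
                       ("exclusion first", [GENERAL_NAT, EXCLUSION]),
                       ("exclusion too low", [GENERAL_NAT, LATE_EXCLUSION])]:
        hits = find_nat_interference(SEL_SRC, SEL_DST, pols)
        print(f"{name}: {len(hits)} interfering policy(ies)")
```

An empty result means no source NAT policy reaches the selector traffic ahead of the exclusion. Any returned policy is one that needs a higher-priority exclusion placed above it.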
To configure a policy to correct the problem in this example, complete
these steps: