TMS zl Management and Configuration Guide ST.1.1.100430
10-108
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
If you can do so securely, try configuring these most basic policies and see if
the traffic can reach its destination. Remember to enable logging on the
policies in question so that you can see when traffic matches a policy. It is
possible that the module is permitting the traffic but another security device
is dropping it.
Once you get traffic flowing across the tunnel, you can experiment with more
restrictive policies.
Troubleshoot a GRE over IPsec Tunnel
This section outlines a process for troubleshooting a GRE over IPsec tunnel
and provides some troubleshooting tips.
Set up a Test Device. As you troubleshoot the VPN, you must periodically
attempt to establish the VPN to determine whether you have fixed the prob-
lem. To test a GRE over IPsec tunnel, you must attempt to send traffic from a
local endpoint to a remote endpoint. It is a good idea to set up a test endpoint
to send this traffic:
1. Connect the endpoint to a port on the host switch.
2. Assign the switch port to a VLAN on which module receives traffic from
local devices.
3. Assign the endpoint an IP address in the subnet associated with this VLAN
and configure the TMS zl Module as its default gateway.
4. Attempt to send traffic that should be routed across the GRE over IPsec
tunnel.
Disable IPsec. You should determine whether it is the GRE tunnel or the
IPsec settings that are causing the problem. If you can do so securely, disable
the IPsec policy for the connection:
1. Select VPN > IPsec > IPsec Policies.
2. Click the Edit icon for the policy in question.
3. Clear the Enable this policy check box.
4. Click Next and Finish until the window closes.