TMS zl Management and Configuration Guide ST.1.2.100916
10-64
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
If you use the CLI capture command to view IKE messages while you attempt
to initiate a connection from the test client, you can pinpoint the problem more
precisely using Table 10-7.
Table 10-7. IKE capture Messages

Example capture Messages:
    No messages
Problem:
    The module is not receiving or not accepting the remote client’s IKE
    messages.
Begin Troubleshooting:
    Step 1 on page 10-64

Example capture Messages:
    IP tms1.isakmp > tms2.isakmp: isakmp: phase 1 I ident
    IP tms2.isakmp > tms1.isakmp: isakmp: phase 1 R inf
Problem:
    The module and the remote client’s IKE security settings do not match.
Begin Troubleshooting:
    Step 7 on page 10-67

Example capture Messages:
    IP tms1.isakmp > tms2.isakmp: isakmp: phase 1 I ident
    IP tms2.isakmp > tms1.isakmp: isakmp: phase 1 R ident
    IP tms1.isakmp > tms2.isakmp: isakmp: phase 1 I ident
    IP tms2.isakmp > tms1.isakmp: isakmp: phase 1 R ident
    IP tms1.isakmp > tms2.isakmp: isakmp: phase 1 I ident[E]
    IP tms2.isakmp > tms1.isakmp: isakmp: phase 1 R ident[E]
    IP tms1.isakmp > tms2.isakmp: isakmp: phase 2/others I inf[E]
Problem:
    IKE authentication fails:
    • The local or remote ID is incorrect.
    • The preshared key is miskeyed.
    • Certificates are misconfigured (see step 9 on page 10-68).
Begin Troubleshooting:
    Step 7 on page 10-67

If you do not want to activate the capture command, simply try these tips in
order:
1. Verify that the firewall access policies allow IKE to complete.
Access policies must permit IKE traffic between the TMS zl Module and
the remote clients. You should also create access policies that permit
NAT-T traffic in case an intervening NAT device translates the clients’ or
the module’s IP address.
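The rows of Table 10-7 can be applied mechanically to saved capture output. The Python below is an added example, not part of this guide or of the module's software; the function names and the regular expression are the example's own, and it assumes capture lines in the format the table shows. The two sample captures are copied from the table rows.

```python
import re

# One ISAKMP summary line in the format shown in Table 10-7, for example:
#   IP tms1.isakmp > tms2.isakmp: isakmp: phase 1 I ident[E]
# \s+ between tokens tolerates a line that wrapped before the exchange type.
MSG_RE = re.compile(
    r"isakmp:\s+phase\s+(?P<phase>1|2/others)\s+(?P<role>[IR])\s+"
    r"(?P<xchg>[a-z-]+)(?P<enc>\[E\])?"
)

# (problem, where to begin troubleshooting), wording taken from Table 10-7.
NO_MESSAGES = ("IKE messages not received or not accepted", "Step 1 on page 10-64")
SETTINGS_MISMATCH = ("IKE security settings do not match", "Step 7 on page 10-67")
AUTH_FAILS = ("IKE authentication fails", "Step 7 on page 10-67")
UNKNOWN = ("pattern not listed in Table 10-7", None)

# Sample captures: rows 2 and 3 of Table 10-7 (last line left wrapped).
ROW2_CAPTURE = """IP tms1.isakmp > tms2.isakmp: isakmp: phase 1 I ident
IP tms2.isakmp > tms1.isakmp: isakmp: phase 1 R inf"""
ROW3_CAPTURE = """IP tms1.isakmp > tms2.isakmp: isakmp: phase 1 I ident
IP tms2.isakmp > tms1.isakmp: isakmp: phase 1 R ident
IP tms1.isakmp > tms2.isakmp: isakmp: phase 1 I ident
IP tms2.isakmp > tms1.isakmp: isakmp: phase 1 R ident
IP tms1.isakmp > tms2.isakmp: isakmp: phase 1 I ident[E]
IP tms2.isakmp > tms1.isakmp: isakmp: phase 1 R ident[E]
IP tms1.isakmp > tms2.isakmp: isakmp: phase 2/others I
inf[E]"""

def parse_capture(text):
    """Return [(phase, role, exchange, encrypted), ...] in capture order."""
    return [(m["phase"], m["role"], m["xchg"], m["enc"] is not None)
            for m in MSG_RE.finditer(text)]

def diagnose(text):
    """Map capture output to the matching Table 10-7 row."""
    msgs = parse_capture(text)
    if not msgs:
        return NO_MESSAGES                      # row 1: nothing captured
    seen_encrypted_ident = False
    for phase, role, xchg, enc in msgs:
        if xchg == "ident" and enc:
            seen_encrypted_ident = True
        elif xchg == "inf" and enc and seen_encrypted_ident:
            return AUTH_FAILS                   # row 3: inf[E] after ident[E]
        elif xchg == "inf" and not enc and phase == "1":
            return SETTINGS_MISMATCH            # row 2: clear-text phase 1 inf
    return UNKNOWN
```

Any capture that matches none of the three rows returns `UNKNOWN` rather than a guess, so work through the numbered tips in order in that case.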