Manualshelf

TMS zl Management and Configuration Guide ST.1.2.100916

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
1191119211931194119511961197119811991200
10-76
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
IKE SA but No IPsec tunnel
If you see an IKE SA, click the Check status link. If the status indicates
“SA_Mature,” the IKE SA is fully established. However, the IPsec tunnel
has not come up; the connection has failed partway through the process.
In this case, begin by troubleshooting IPsec settings. (See “Troubleshoot
IPsec Settings for a Client-to-Site IPsec VPN” on page 10-70.)
If the IKE SA status is different from “SA_Mature,” IKE phase 1 has not
completed. (See “Troubleshoot IKE for a Client-to-Site IPsec Connection”
on page 10-63.)
IPsec tunnel
If you see an IPsec tunnel between the module and the remote client,
check your test client:
If the VPN connection is not connected, troubleshoot L2TP authenti-
cation and L2TP dial-in settings. Depending on whether you are using
local authentication or authentication to a remote RADIUS server, see
either:
“Troubleshoot L2TP Local Settings” on page 10-84
“Troubleshoot L2TP Local Settings” on page 10-84
If the VPN connection is up, troubleshoot firewall access policies and
verify that they permit the proper traffic. (See “Troubleshoot Access
Policies for a Client-to-Site L2TP over IPsec VPN” on page 10-93.)
Note Sometimes the IPsec tunnel is deleted soon after the L2TP connection fails.
Therefore, you should also check the TMS zl Module log messages for a
message about a successful establishment of the IPsec SA.
Troubleshoot IKE for an L2TP over IPsec VPN. If the IKE SA fails to
establish, try the troubleshooting tips in this section.
It is best practice to try one tip at a time, attempting to establish the VPN
connection on the test client after each change. After each attempt, re-evaluate
the connection:
If you can successfully send traffic over the connection, you can stop
troubleshooting.
If the VPN connection on the client comes up but traffic cannot reach its
destination, continue with “Troubleshoot Access Policies for a Client-to-
Site L2TP over IPsec VPN” on page 10-93.