Manualshelf

TMS zl Management and Configuration Guide ST.1.2.100916

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
1201120212031204120512061207120812091210
10-81
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
Table 10-13. IKE Security Settings Proposed by Windows XP Clients
Common errors include:
The local or remote ID has been miskeyed, or the remote device uses
a different ID type.
Note To eliminate problems with the remote ID, you can try specifying 0.0.0.0
instead of wildcards or email addresses, domain names, or distinguished
names. If this change fixes the problem, you will know that you must examine
the remote ID in more detail.
The preshared key (if used) is miskeyed.
You must manually enter the preshared key on the Windows client.
Follow these steps:
i. On the Windows client, open the Network Connections window.
ii. Right-click the VPN connection to the TMS zl Module and select
Properties.
iii. Click the Security tab.
iv. Click IPsec Settings.
v. Select the Use pre-shared key for authentication check box.
vi. For Key, type the preshared key that you specified in the IKE
policy on the TMS zl Module.
vii. Click OK until the Properties window closes.
The security settings (encryption algorithm, authentication algo-
rithm, Diffie-Hellman group, and SA lifetime) do not match exactly.
XAUTH is enabled in the TMS zl Module’s IKE policy.
You must disable XAUTH for L2TP over IPsec VPNs.
If you make any corrections to the IKE policy, try to send VPN traffic from
the test device. Then re-evaluate. If you need to continue troubleshooting,
leave any changes to the IKE policy that you are confident are corrections.
However, if you experimented with a change, and the experiment did not
solve the problem, you should revert to your original settings.
Proposal Encryption Algorithm Authentication Algorithm Diffie-Hellman Group SA Lifetime in Seconds
1 3DES SHA-1 2 28800
2 3DES MD5 2 28800
3 DES SHA-1 1 28800
4 DES MD5 1 28800