TMS zl Management and Configuration Guide ST.1.2.100916

10-97
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
If you do not want to activate the capture command, try these tips in order:

1. Verify that the firewall access policies allow IKE to complete.
   Access policies must permit IKE traffic between the TMS zl Module and
   the remote gateway. You should also create access policies that permit
   NAT-T traffic in case an intervening NAT device translates either the
   remote gateway’s or the module’s address.

Table 10-17. IKE capture Messages

Example capture Messages:
    No messages
Problem: IKE is not initiating.
Begin Troubleshooting At: Step 1 on page 10-97

Example capture Messages:
    IP tms1.isakmp > tms2.isakmp: isakmp: phase 1 I ident
    IP tms2.isakmp > tms1.isakmp: isakmp: phase 1 R inf
Problem: The module and the remote gateway’s IKE security settings do not match.
Begin Troubleshooting At: Step 7 on page 10-102

Example capture Messages:
    IP tms1.isakmp > tms2.isakmp: isakmp: phase 1 I ident
    IP tms2.isakmp > tms1.isakmp: isakmp: phase 1 R ident
    IP tms1.isakmp > tms2.isakmp: isakmp: phase 1 I ident
    IP tms2.isakmp > tms1.isakmp: isakmp: phase 1 R ident
    IP tms1.isakmp > tms2.isakmp: isakmp: phase 1 I ident[E]
    IP tms2.isakmp > tms1.isakmp: isakmp: phase 1 R ident[E]
    IP tms1.isakmp > tms2.isakmp: isakmp: phase 2/others I inf[E]
Problem: IKE authentication fails:
    - The local or remote ID is incorrect.
    - The preshared key is miskeyed.
    - Certificates are misconfigured (see step 9 on page 10-104).
Begin Troubleshooting At: Step 7 on page 10-102
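
The rows of Table 10-17 shown on this page can also be applied mechanically to saved capture output. The following Python script is an added example, not part of this guide or of the module's software; the names parse and diagnose are assumptions, and it recognizes only the message form the table shows.

```python
import re

# One ISAKMP message in the form Table 10-17 shows, for example
# "IP tms1.isakmp > tms2.isakmp: isakmp: phase 1 I ident[E]".
MSG = re.compile(
    r"IP \S+\.isakmp > \S+\.isakmp: isakmp: "
    r"phase (?P<phase>1|2/others) (?P<role>[IR]) (?P<xchg>[a-z]+)(?P<enc>\[E\])?"
)

def parse(capture):
    """Return (phase, role, exchange, encrypted) for each ISAKMP message."""
    flat = " ".join(capture.split())  # undo line wrapping inside a message
    return [(m["phase"], m["role"], m["xchg"], bool(m["enc"]))
            for m in MSG.finditer(flat)]

def diagnose(capture):
    """Map a capture to (problem, where to begin), or None if no row matches."""
    msgs = parse(capture)
    if not msgs:
        return ("IKE is not initiating", "Step 1 on page 10-97")
    encrypted_seen = False
    for phase, _role, xchg, enc in msgs:
        # Second row: cleartext phase 1 "inf" before any encrypted message.
        if phase == "1" and xchg == "inf" and not enc and not encrypted_seen:
            return ("IKE security settings do not match", "Step 7 on page 10-102")
        # Third row: encrypted "inf" after the encrypted ident exchange.
        if xchg == "inf" and enc and encrypted_seen:
            return ("IKE authentication fails", "Step 7 on page 10-102")
        encrypted_seen = encrypted_seen or enc
    return None  # pattern not covered by the rows shown on this page

# Samples taken from Table 10-17; some lines are left wrapped to show rejoining.
MISMATCH = """IP tms1.isakmp > tms2.isakmp: isakmp: phase 1
I ident
IP tms2.isakmp > tms1.isakmp: isakmp: phase 1
R inf"""
AUTH_FAIL = """IP tms1.isakmp > tms2.isakmp: isakmp: phase 1 I ident
IP tms2.isakmp > tms1.isakmp: isakmp: phase 1 R ident
IP tms1.isakmp > tms2.isakmp: isakmp: phase 1 I ident
IP tms2.isakmp > tms1.isakmp: isakmp: phase 1 R ident
IP tms1.isakmp > tms2.isakmp: isakmp: phase 1 I ident[E]
IP tms2.isakmp > tms1.isakmp: isakmp: phase 1 R ident[E]
IP tms1.isakmp > tms2.isakmp: isakmp: phase
2/others I inf[E]"""

if __name__ == "__main__":
    for sample in ("", MISMATCH, AUTH_FAIL):
        print(diagnose(sample))
```

A result of None means the capture matches none of the three rows above, so it should be read by hand.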