TMS zl Management and Configuration Guide ST.1.2.100916

10-98
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
Figure 10-20. IKE Firewall Access Policies for a Site-to-Site VPN
Figure 10-20 illustrates a site-to-site VPN and displays the correct access
policies. Note that the access policies are between the Self and the
External zone. The correct access policies always include the Self zone.
However, the other zone depends on your setup. This example features
the External zone because the VPN is established through the Internet,
and the VLAN on which the module connects to the Internet is in the
External zone.
If you are missing any of these access policies, add them now.
Note: When you create new access policies, enable logging on them for the
purposes of troubleshooting.
Access policies
External to Self
Permit isakmp 172.16.24.253 172.16.1.254
Permit ipsec-nat-t-udp 172.16.24.253 172.16.1.254
Self to External
Permit isakmp 172.16.1.254 172.16.24.253
Permit ipsec-nat-t-udp 172.16.1.254 172.16.24.253
[Diagram labels: Internal zone (Server VLAN 10.1.30.0/24); External zone (Internet VLAN 172.16.1.0/24, Module = 172.16.1.254); IPsec connection across the Internet to the VPN gateway 172.16.24.253]
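The check described above ("If you are missing any of these access policies, add them now") can be run mechanically. This is an added example, not part of the original guide or of the TMS zl software. It assumes the policies have been written out in the same text layout as Figure 10-20, which is not the module's own CLI or export format, and all function names are hypothetical.

```python
import ipaddress

# Services the figure requires in both directions between Self and the VPN zone.
REQUIRED_SERVICES = ("isakmp", "ipsec-nat-t-udp")

def required_policies(local_ip, peer_ip, zone="External"):
    """Return the (from_zone, to_zone, service, src, dst) tuples the figure calls for.
    The zone is a parameter because, as the text notes, it depends on your setup."""
    need = set()
    for svc in REQUIRED_SERVICES:
        need.add((zone, "Self", svc, peer_ip, local_ip))   # remote gateway -> module
        need.add(("Self", zone, svc, local_ip, peer_ip))   # module -> remote gateway
    return need

def parse_policies(text):
    """Parse a listing laid out like the figure: an 'X to Y' heading, then Permit lines."""
    found, zones = set(), None
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) == 3 and parts[1].lower() == "to":
            zones = (parts[0], parts[2])
        elif len(parts) == 4 and parts[0].lower() == "permit" and zones:
            svc, src, dst = parts[1:]
            # Normalise addresses so a malformed one raises instead of silently not matching.
            src, dst = str(ipaddress.ip_address(src)), str(ipaddress.ip_address(dst))
            found.add((zones[0], zones[1], svc.lower(), src, dst))
    return found

def missing_policies(text, local_ip, peer_ip, zone="External"):
    """Required policies absent from the listing, sorted for stable output."""
    return sorted(required_policies(local_ip, peer_ip, zone) - parse_policies(text))

# Constructed sample: the figure's policies with one rule left out and one
# entered with source and destination swapped.
SAMPLE = """\
External to Self
Permit isakmp 172.16.24.253 172.16.1.254
Self to External
Permit isakmp 172.16.1.254 172.16.24.253
Permit ipsec-nat-t-udp 172.16.24.253 172.16.1.254
"""

if __name__ == "__main__":
    for fz, tz, svc, src, dst in missing_policies(SAMPLE, "172.16.1.254", "172.16.24.253"):
        print(f"missing: {fz} to {tz}: Permit {svc} {src} {dst}")
```

A rule entered with its addresses reversed is reported as missing, because the match is on the full direction, service, source and destination.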