TMS zl Management and Configuration Guide ST.1.2.100916
10-102
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
7. Check IKE settings on the TMS zl Module against settings on the remote
gateway.
To establish an IKE SA, the TMS zl Module and the remote gateway must
agree on a number of settings. Table 10-18 displays those settings and how
they should match up between the module and the remote device.
Table 10-18. Match IKE Settings on the Module and Remote VPN Gateway
Common errors include:
• The local or remote ID has been miskeyed, or the remote device uses
a different ID type.
• The preshared key (if used) is miskeyed.
• The security settings (encryption algorithm, authentication algo-
rithm, Diffie-Hellman group, and SA lifetime) do not match exactly.
If you are troubleshooting a VPN between TMS zl Modules, set the
security parameters to their default settings. If this change allows the
connection to come up, you can try changing the settings on both sides
of the connection to the settings that you want to use.
Setting TMS zl Module Setting Remote VPN Gateway
Local gateway address Reachable module address Reachable address on the
device
Remote gateway address Same reachable address on
the remote device
Same reachable module
address
Local ID type and value Module ID type and value Remote gateway ID type and
value
Remote ID type and value Remote gateway ID type and
value
Module ID type and value
Key exchange mode Same mode Same mode
Authentication mode Same method Same method
Preshared key Same key Same key
Encryption algorithm Same encryption algorithm Same encryption algorithm
Authentication algorithm Same authentication algorithm Same authentication algorithm
Diffie-Hellman Group Same group Same group
SA lifetime Same SA lifetime Same SA lifetime