TMS zl Management and Configuration Guide ST.1.2.100916

10-103
Troubleshooting
Troubleshooting the TMS zl Module in Routing Mode
If you make any corrections to the IKE policy, try to send VPN traffic from
the test device. Then re-evaluate. If you must continue troubleshooting,
leave any changes to the IKE policy that you are confident are corrections.
However, if you experimented with a change, and the experiment did not
solve the problem, you should revert to your original settings.
8. In the previous step, you checked the general IKE policy. However, you
might need to do additional troubleshooting when the policy specifies
XAUTH.
a. If you have access to the remote gateway, disable XAUTH on both the
TMS zl Module and the remote gateway:
i. Edit the IKE policy on the TMS zl Module and disable XAUTH (the
setting is in the Edit IKE Policy—Step 3 of 3 window).
ii. Disable XAUTH on the remote gateway.
iii. Attempt to send VPN traffic from the test device.
If the connection still does not come up, move to step 9 on page 10-104.
Note: Leave XAUTH disabled in case both XAUTH and another setting are causing
the problem. You will re-enable XAUTH when you have finished troubleshooting
the connection.
b. If the IKE SA now comes up, you know that XAUTH is causing
problems and you must troubleshoot it. Also troubleshoot XAUTH if
you could not disable it in the previous step.
If the TMS zl Module was acting as an XAUTH server, look for these
problems:
• A misconfigured IP address for the module’s external RADIUS
  server
• A mismatch between the password on the remote gateway and
  the external RADIUS server or local user account
• A mismatch between the authentication protocol on the two
  gateways
• An external RADIUS server that does not support the correct
  authentication protocol
If the TMS zl Module was acting as an XAUTH client, look for these
problems:
• A misconfigured password
• A mismatch between the authentication protocol and the protocol
  on the remote gateway
• Problems with the remote gateway’s local database or RADIUS
  server