TMS zl Management and Configuration Guide ST.1.2.100916

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

1231

10-109

Troubleshooting

Troubleshooting the TMS zl Module in Routing Mode

Attempt to send traffic to a remote endpoint from the local test device:

■ If the traffic cannot reach its destination, you must troubleshoot the GRE

tunnel (see “Troubleshoot the GRE Tunnel” on page 10-109).

■ If the traffic can reach its destination, the GRE tunnel is functioning

correctly. Re-enable the IPsec policy. You must troubleshoot IKE and

IPsec. Refer to the instructions for troubleshooting a site-to-site VPN:

• “Troubleshoot IKE for a Site-to-Site VPN” on page 10-96

• “Troubleshoot IPsec Settings for a Site-to-Site VPN” on page 10-105

Troubleshoot the GRE Tunnel. If the GRE tunnel fails, try the trouble-

shooting tips listed in this section.

It is best practice to try one tip at a time, attempting to send traffic across the

tunnel after each change. If the attempt fails, continue with the next tip. If, on

the other hand, the attempt is successful, you must re-enable the IPsec policy

and once again attempt to send your traffic:

■ If you can successfully send traffic over the connection, you can stop

troubleshooting.

■ If the attempt fails, refer to the instructions for troubleshooting a site-to-

site VPN:

• “Troubleshoot IKE for a Site-to-Site VPN” on page 10-96

• “Troubleshoot IPsec Settings for a Site-to-Site VPN” on page 10-105

Check the following:

1. If you are trying to set up a GRE tunnel with a non-TMS endpoint, check

the options that are configured on that endpoint. The TMS zl Module’s

GRE functionality may not properly detect GRE keepalives if a non-TMS

endpoint specifies GRE options such as a Checksum or Sequencing. Nor-

mal GRE traffic can be received with these options present, but GRE

keepalives with these options are not handled properly. This results in the

GRE tunnel being detected as down by the non-TMS endpoint of the GRE

tunnel. Please note that the TMS zl Module does not currently include GRE

options such as these, so they cannot be configured for transmission of

GRE traffic from the TMS zl Module.

2. If you are trying to set up a GRE tunnel with a non-TMS endpoint, ensure

that a key parameter is not specified on the endpoint. The TMS zl Module

does not support this parameter. If a GRE implementation has the key

parameter specified, normal GRE traffic as well as keepalive traffic will

not pass.