Manualshelf

TMS zl Module Release Notes ST.1.1.100430

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
61626364656667686970
56
Known Issues
Release ST.1.1.100226/ST.1.1.100330
PR_43471 — With IPsec using a DSA or RSA Certificate, a TMS zl Module and a ProCurve
Secure Router 7100 fail to authenticate as IPsec peers.
PR_43916 — RADIUS authentication for L2TP users could result in the user's connection
getting established and immediately getting disconnected without notification. The RADIUS
server must return the service-type attribute with a value of framed. If the service-type attribute
is not set to framed or is not available, the L2TP session gets established and immediately
disconnected without notification.
PR_44356 — Using a VPN with L2TP and IPsec Certificates is not supported.
PR_44478 — TMS zl Module does not support CRL retrieval via HTTP, LDAP, or OCSP.
PR_44479 — TMS zl Module will use the old CRL past the next CRL update time if it has not
retrieved the new CRL.
PR_44555 — When checking the IKE SA status on the Web browser interface, the SA lifetime
value is not automatically updated. For example, if a user clicks on View Status several times,
the SA lifetime remains the same and is not updated.
PR_44671 — A log entry shows authentication of remote L2TP peer is successful (mid=526)
despite failure. The L2TP user is not allowed access due to lack of a service-type Frame
attribute being returned from the RADIUS server. See PR_43916 for details.
PR_44781 — The TMS zl Module may log an erroneous log message when a user connects
via L2TP.
time="2009-09-04 13:39:27" severity=info pri=6
fw=ProCurve-TMS-zl-Module id=routing msg="KRT READ STATIC 172.16.80.2
mask 255.255.255.255 router 172.16.80 flags <UP STATIC>401: queuing
delete for duplicate entry
PR_44860 — The TMS zl Module Log messages do not provide enough detail to help
troubleshoot IPsec using certificate authentication.
PR_44911 — Removing an IKE policy displays different output from removing an IPsec
policy and proposal. For consistency, this should be reworded.
PR_45392 — No logging messages are generated when attempting to retrieve a certificate
from a server by SCEP. In a situation where the certificate retrieval failed, it is difficult to
tell what may have caused the failure
PR_45525 A TMS zl Module that receives GRE keep-alive packets may log those as a DoS
attack. Steps:
1. Create GRE tunnel
2. Go to Logging>View Log page and filter "gre"