TMS zl Module Release Notes ST.1.2.101122

Software Fixes in Releases ST.1.0.090213 - ST.1.2.101122
Release ST.1.2.101122
The following problems were resolved in release ST.1.2.101122:
VPN
PR_62599 — L2TP/IPsec VPN fails when traffic is behind a NAT device and the ANY option
is used.
Example Topology
L2TP/IPsec client-----NAT Device-------------TMS------Protected server
A client using the Windows native L2TP/IPsec client fails to authenticate when it is behind a NAT
device and the "ANY" option is used for the Remote address field in the IPsec policy. If the user
configures the TMS to use a specific IP address (the NAT external IP address of the remote device),
the VPN is established and authenticated. Likewise, if no NAT device is present, the ANY option
allows the client to establish the tunnel and authenticate successfully.
Using the combination of a NAT device and the ANY option has the following effect:
1. The IPsec tunnel is established.
2. ESP packets are dropped at the firewall. The following message appears in the logs:
   SA selectors are not matching with the received packet selectors.
   Dropping packet
On the Windows system, the VPN client just returns an error message saying that the
connection was interrupted.