Manualshelf

TMS zl Module Release Notes ST.1.2.101122

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
71727374757677787980
71
Known Issues
Release ST.1.1.100226/ST.1.1.100330
PR_44479 TMS zl Module will use the old CRL past the next CRL update time if it has
not retrieved the new CRL.
PR_44555 — When checking the IKE SA status on the web browser interface, the SA lifetime
value is not automatically updated. For example, if a user clicks on View Status several times,
the SA lifetime remains the same and is not updated.
PR_44671 — A log entry shows authentication of remote L2TP peer is successful (mid=526)
despite failure. The L2TP user is not allowed access due to lack of a service-type Frame
attribute being returned from the RADIUS server. See PR_43916 for details.
PR_44781 — The TMS zl Module may log an erroneous log message when a user connects
via L2TP.
time="2009-09-04 13:39:27" severity=info pri=6
fw=ProCurve-TMS-zl-Module id=routing msg="KRT READ STATIC 172.16.80.2
mask 255.255.255.255 router 172.16.80 flags <UP STATIC>401: queuing
delete for duplicate entry
PR_44860 — The TMS zl Module Log messages do not provide enough detail to help
troubleshoot IPsec using certificate authentication.
PR_44911 — Removing an IKE policy displays different output from removing an IPsec
policy and proposal. For consistency, this should be reworded.
PR_45392 — No logging messages are generated when attempting to retrieve a certificate
from a server by SCEP. In a situation where the certificate retrieval failed, it is difficult to
tell what may have caused the failure
PR_45525 A TMS zl Module that receives GRE keep-alive packets may log those as a DoS
attack. Steps:
1. Create GRE tunnel
2. Go to Logging>View Log page and filter "gre"
Notice a log similar to this one:
time="2009-09-24 17:19:33" severity=minor pri=3
fw=ProCurve-TMS-zl-Module id=fw_l2l3_attack msg="Invalid source &
destination: dropping packet" srczone=ZONE6 src=172.15.2.254 srcport=0
dstzone=ZONE5 dst=172.15.2.250 dstport=0 proto=GRE subfamid=dosattack
mtype=attack mid=1530
PR_45634 — An incorrect IP address is accepted in the destination field when editing a
multicast policy. Steps:
1. Go to Firewall/Access policies/Multicast
2. Click on Add a policy