Display ipsec sa brief, Display ike proposal – Panasonic 8000 User Manual

Page 103

Attention! The text in this document has been recognized automatically. To view the original document, you can use the "Original mode".

Advertising
background image

2 IPSec and IKE troubleshooting

Nortel Secure Router 8000 Series

_________ Troubleshooting - VAS

The display indicates that the SPI on the inbound of SA is 54321, the protocol is ESP, the
encryption algorithm is DES (ESP-ENCRYPT-DES), and the authentication algorithm is

SHA-1 (ESP-AUTH-SHA1).

[outbound ESP SAs ]

spi^: 12345 (0x3039)

proposal: ESP-ENCRYPT-DES ESP-AUTH-SHA1

No duration limi^t for this sa

The display indicates that the SPI on the outbound of SA is 12345, the protocol is ESP, the
encryption algorithm is DES, and the authentication algorithm is SHA-1.

display ipsec sa brief

<RouterA> display ipsec sa brief

Src Address Dst Address SPI

Protocol Algorithm

202.38.162.1

202,38,163,1

54321

ESP

E :DES; A:HMAC-SHA1-96;

202.38.163.1

202,38,162,1

12345

ESP

E :DES; A:HMAC-SHA1-96;

Use the display ipsec sa command to view brief IPSec SA information.

For a detailed explanation of each field in the display lines, see “display ipsec sa policy.”

display ike proposal

<RouterA> display ike proposal

priority authentication authentication encryption Diffie-Hellman duration

method

algorithm

algori^thm

group

(seconds)

default PRE_SHARED SHA

DES_CBC MODP_768

86400

The following section explains each field in the display lines:

priority

Priority indicates the priority of IKE proposals. The value can be any integer from 1 to 100.
The higher the value, the lower the priority. Default indicates that the default IKE proposal
priority is used.

Authentication method

Currently, only pre-shared key authentication mode is applicable.

Authentication algorithm

The authentication algorithms in IKE proposals contain SHA-1 and MD5. You can use the
authentication-algorithm { md5 | sha1 } command to modify the configuration.

encryption algorithm

The encryption algorithms in IKE proposals contain DES (DES_CBC), 3DES (3DES_CBC),
and AES (AES_CBC).

You can use the encryption-algorithm { des-cbc | 3des-cbc | aes-cbc } command to modify

the configuration.

Diffie-Hellman group

Diffie-Hellman group flags used in IKE proposals contain 768-bit Diffie-Hellman
(MODP_768) and 1024-bit Diffie-Hellman (MODP_1024).

2-56

Nortel Networks Inc.

Issue 01.01 (30 March 2009)

Advertising
Popular Brands
Popular manuals