Panasonic 8000 User Manual

Nortel Secure Router 8000 Series
Troubleshooting - VAS__________

2 IPSec and IKE troubleshooting

Item

Sub-item

Description

Configure the source
and destination port
specified in ACL rules

Optional.

Configure the other
items in ACL rules

Not required.

Configure the number of

ACL rules

Configure only one rule.

Configuring the
IPSec proposal

Configure the name of

the IPSec proposal

The name is a string of 1 to 15 characters.

Configure the
encapsulation mode

Transport mode or tunnel mode.

Configure the security

protocol

AH, ESP, or AH-ESP.

Configure the
authentication algorithm

MD5 or SHA-1.

Configure the
encryption algorithm

DES or 3DES.

Configuring the
IPSec policy

Configure the name of

the IPSec policy

The name is a string of 1 to 15 characters.

Policies with the same name are in a policy
group. The name and sequence number
define one policy; each policy group has a
maximum of 10000 policies.

Configure the sequence

number of the IPSec
policy

The sequence number ranges from 1 to

10000. The lower the value, the higher the

priority.

Configure the

negotiation mode

Set up SAs manually.

Configure the ACL

Each security policy can use only one ACL
rule. If there are several ACL rules, the last
configured ACL takes effect.

Configure the IPSec

protocol used

In IPSec SA manual setup, each policy can
use only one proposal.

Remove the previously configured proposal
before you establish a new one.

The security protocol, the algorithm, and
the encapsulation type must be the same on
the two ends of the tunnel.

Configure the IP address
of the peer

The IP address for the peer.

Issue 01.01 (30 March 2009)

Nortel Networks Inc.

2-7