Panasonic 8000 User Manual

2 IPSec and IKE troubleshooting

Nortel Secure Router 8000 Series

_________ Troubleshooting - VAS

Item

Sub-item

Description

Configure the SPIs of
SAs

Configure the
authentication shared

keys for SAs

Configure SAs on inbound and outbound
directions.

Note the following:

• SA parameters on both ends should

match.

• The SPI on the local inbound direction

should be the same as that on the
outbound direction of the peer.

• The SPI on the local outbound direction

should be the same as that on the inbound
direction of the peer.

Configure the authentication shared keys

both on inbound and outbound directions.
Note the following:

• SA parameters on the two ends should

match.

• The authentication shared key on the local

inbound should be the same as that on the
outbound of the peer.

• The authentication shared key on the local

outbound direction should be the same as
that on the inbound direction of the peer.

The shared key has two formats:

• hexadecimal numerals

• character string

Use the sa string-key command to enter a
character string or use the
sa authentication-hex command to enter
hexadecimal numerals.

If both formats are used, the format used
last takes effect.

Note: Use the same shared key format on
the two ends. For example, if the shared key

is a character string on one end but is in
hexadecimal numeral format on the other,
the IPSec tunnel cannot be set up.

Configure the
encryption shared keys
for SAs

If the ESP protocol is used, configure the
encryption shared key.

2-8

Nortel Networks Inc.

Issue 01.01 (30 March 2009)