3 troubleshooting isakmp sa, 1 typical networking, 3 troubleshooting isakmp sa -14 – Panasonic 8000 User Manual
Page 61: 1 typical networking -14, 3 troubleshooting isakmp
Attention! The text in this document has been recognized automatically. To view the original document, you can use the "Original mode".
2 IPSec and IKE troubleshooting
Nortel Secure Router 8000 Series
_________ Troubleshooting - VAS
<RouterA> display ipsec sa policy map1
Interface: Ethernet0/2/0
path MTU : 1500
IPsec policy name: "map1"
sequence number: 10
mode: manual
encapsulation
mode:
tunnel
tunnel local : 202.38.163.1
tunnel remote: 202.38.162.1
[inbound ESP SAs]
sp^: 54321 (0xd431)
proposal: ESP-ENCRYPT-DES ESP-AUTH-SHA1
No duration lim^t for this sa
[outbound ESP SAs]
sp^: 12345 (0x3039)
proposal: ESP-ENCRYPT-DES ESP-AUTH-SHA1
No duration lim^t for this sa
Use the display ipsec sa brief command to view brief information about IPSec SAs.
<RouterA> display ipsec sa brief
Src Address Dst Address SPI
VPN Protocol Algorl^thm
202.38.162.1
202.38.163.1
54321
0
ESP
E:DES; A:HMAC-SHA1-96;
202.38.163.1
202.38.162.1
12345
0
ESP
E:DES; A:HMAC-SHA1-96;
Compare the SA setup on Router A and Router B. If the SAs are not in retroactive agreement,
modify the incorrect SA configuration.
If the fault persists, contact Nortel technical support.
----End
2.3 Troubleshooting ISAKMP SA
This section covers the following topics:
•
•
•
2.3.1 Typical networking
Figure 2-5 shows the IPSec SA setup in ISAKMP mode.
2-14
Nortel Networks Inc.
Issue 01.01 (30 March 2009)