Panasonic 8000 User Manual

Page 63


2 IPSec and IKE troubleshooting

Nortel Secure Router 8000 Series

Troubleshooting - VAS

| Item | Sub-item | Description |
|---|---|---|
| | Configure the encryption algorithm | DES or 3DES. |
| | Configure the local ID for IKE | In the aggressive negotiation mode, if name is used as the local authentication type, configure the local ID. In the main mode, the local ID is not necessary. |
| | Configure the priority of the IKE proposal | This is an integer from 1 to 100, indicating the priority of a specified IKE proposal. The lower the value, the higher the priority. |
| | Configure the authentication mode | Specify pre-shared key as the IKE proposal authentication mode. You need to configure the authenticator for pre-shared key. By default, the authentication mode is pre-shared key. |
| | Configure the authentication algorithm | MD5 or SHA-1. By default, the authentication algorithm is SHA-1. |
| | Configure the encryption algorithm | DES or 3DES. By default, the encryption algorithm is DES. |
| | Configure the Diffie-Hellman group flag | The Diffie-Hellman group flag can be group1 (768 bits) or group2 (1024 bits). By default, use group1 (768 bits) as the Diffie-Hellman group. |
| | Configure the ISAKMP SA duration | Specify the ISAKMP SA duration, ranging from 60 to 604800 seconds. The default is 86400 seconds (one day). Before the duration expires, a new SA negotiation is set up to replace the old SA. Use the old SA until the new SA negotiation is complete. When the new SA is set up, the old one is removed. In IKE negotiation, the DH algorithm is required. To ensure secure communication in ISAKMP SA updates, configure the duration to more than 10 minutes. |
| Configuring the IKE peer | Configure the name of the IKE peer | The name is a string of 1 to 15 characters. |
| | Configure the IKE negotiation mode | Main mode or aggressive mode. By default, main mode is used. |
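
The limits and defaults listed above, expressed as a small audit function that resolves unset options to their defaults before checking them. This is an added example, not Nortel code or CLI syntax: the dictionary key names are hypothetical, and the "weak" flags on DES, MD5 and the 768-bit group reflect current practice rather than anything the manual states.

```python
# Added example. Key names are hypothetical; limits and defaults come from the table.
DEFAULTS = {"auth_mode": "pre-shared-key", "auth_algorithm": "sha1",
            "encryption": "des", "dh_group": "group1",
            "sa_duration": 86400, "mode": "main"}
ALLOWED = {"auth_algorithm": {"md5", "sha1"},
           "encryption": {"des", "3des"},
           "dh_group": {"group1", "group2"},
           "mode": {"main", "aggressive"}}
# Assumption, not stated in the manual: these choices are considered weak today.
WEAK = {"encryption": "des", "dh_group": "group1", "auth_algorithm": "md5"}


def audit_ike(cfg):
    """Return (effective_config, findings) for one IKE proposal and its peer."""
    eff = {**DEFAULTS, **cfg}  # options left unset fall back to the defaults
    findings = []
    for key, allowed in ALLOWED.items():
        if eff[key] not in allowed:
            findings.append(f"error: {key}={eff[key]!r} is not one of {sorted(allowed)}")
    if "priority" in eff and not 1 <= eff["priority"] <= 100:
        findings.append("error: priority must be 1..100")
    if not 60 <= eff["sa_duration"] <= 604800:
        findings.append("error: sa_duration must be 60..604800 seconds")
    elif eff["sa_duration"] <= 600:
        findings.append("warn: sa_duration should be more than 10 minutes")
    if not 1 <= len(eff.get("peer_name", "")) <= 15:
        findings.append("error: peer_name must be 1..15 characters")
    # Aggressive mode with name as the local authentication type needs a local ID.
    if (eff["mode"] == "aggressive" and eff.get("local_id_type") == "name"
            and not eff.get("local_id")):
        findings.append("error: aggressive mode with name authentication needs a local ID")
    for key, weak in WEAK.items():
        if eff[key] == weak:
            source = "configured" if key in cfg else "default"
            findings.append(f"warn: {key}={weak} ({source}) is weak")
    return eff, findings


# Constructed sample: algorithms and DH group are left at their defaults.
SAMPLE = {"peer_name": "branch1", "mode": "aggressive",
          "local_id_type": "name", "priority": 10}

if __name__ == "__main__":
    for line in audit_ike(SAMPLE)[1]:
        print(line)
```
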

2-16

Nortel Networks Inc.

Issue 01.01 (30 March 2009)
