Configuring the local id for ike, Configuring an ike proposal, Configuring the ike peer – Panasonic 8000 User Manual

2 IPSec and IKE troubleshooting

Nortel Secure Router 8000 Series

Troubleshooting - VAS

| Item | Sub-item | Description |
|---|---|---|
| | Configure PFS | PFS is enabled in IPSec negotiation. By default, PFS is disabled. Perform a PFS exchange in the IPSec negotiation. If you are specifying PFS on the local end, you need to enable PFS exchange when the peer initiates the negotiation; that is, in Phase 2, add an additional shared key exchange to ensure high security. The Diffie-Hellman group specified on the two ends must be the same or the negotiation fails. |
| Configuring the IPSec policy group application | Configure the interface type and ID | Indicates the interface on which the IPSec policy is applied. For configuration notes, see the notes for “Troubleshooting manual IPSec SA setup.” |
| Configuring the IPSec policy group application | Configure the name of IPSec policy group | Apply only one IPSec policy group on one interface. For configuration notes, see the notes for “Troubleshooting manual IPSec SA setup.” |

Router A serves as an example of the configuration notes for setting up ISAKMP SAs. The
configurations on Router B are the same as the configurations on Router A.

NOTE

The following sections cover only some of the commands for configuring ISAKMP SAs. For more information,
see Nortel Secure Router 8000 Series Configuration Guide - Security (NN46240-600).

Configuring the local ID for IKE

# Configure the host local ID in aggressive IKE negotiation mode.

<RouterA> system-view

[RouterA] ike local-name routera

Configuring an IKE proposal

Use the default IKE proposal between the IKE peers.

Configuring the IKE peer

# Configure the name of the IKE peer to routerb, use aggressive negotiation mode, use
“name” as the ID authentication type, preset the shared key to nortel, and set the remote IP
address to 202.38.162.1. Note that shared keys configured on the peers must be consistent.

[RouterA] ike peer routerb

[RouterA-ike-peer-routerb] exchange-mode aggressive

[RouterA-ike-peer-routerb] local-id-type name

[RouterA-ike-peer-routerb] pre-shared-key nortel

[RouterA-ike-peer-routerb] remote-name routerb
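
The manual notes that the shared keys on the two peers must be consistent and that Router B is configured the same way as Router A. The following Python check is an added example, not part of the Nortel manual: it compares the IKE peer settings of two configurations and reports which setting would make the negotiation fail. The function names `parse_ike` and `check_pair` are hypothetical, and the Router B text is constructed from the Router A commands above.

```python
import re

# Constructed sample configs built from the commands on this page. Router B
# mirrors Router A; its key is mistyped on purpose to show a mismatch.
ROUTER_A = """ike local-name routera
ike peer routerb
 exchange-mode aggressive
 local-id-type name
 pre-shared-key nortel
 remote-name routerb
"""
ROUTER_B = """ike local-name routerb
ike peer routera
 exchange-mode aggressive
 local-id-type name
 pre-shared-key nortell
 remote-name routera
"""

def parse_ike(config):
    """Return (local_name, {peer_name: {command: value}}) from config text."""
    local_name, peers, current = None, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ike local-name (\S+)", line):
            local_name, current = m.group(1), None
        elif m := re.fullmatch(r"ike peer (\S+)", line):
            current = peers.setdefault(m.group(1), {})
        elif line and raw[0].isspace() and current is not None:
            key, _, value = line.partition(" ")  # indented line = peer setting
            current[key] = value
    return local_name, peers

def check_pair(cfg_a, cfg_b):
    """List the settings that would make IKE negotiation between A and B fail."""
    (name_a, peers_a), (name_b, peers_b) = parse_ike(cfg_a), parse_ike(cfg_b)
    # With "name" IDs, each end must point at the other's ike local-name.
    pa = next((p for p in peers_a.values() if name_b and p.get("remote-name") == name_b), None)
    pb = next((p for p in peers_b.values() if name_a and p.get("remote-name") == name_a), None)
    findings = []
    if pa is None:
        findings.append(f"A: no ike peer with remote-name {name_b}")
    if pb is None:
        findings.append(f"B: no ike peer with remote-name {name_a}")
    if pa and pb:
        for key in ("exchange-mode", "local-id-type", "pre-shared-key"):
            if pa.get(key) != pb.get(key):  # report the setting, never the key value
                findings.append(f"{key} differs between the two ends")
    return findings

if __name__ == "__main__":
    print(check_pair(ROUTER_A, ROUTER_B))
```

The findings name the mismatched setting without echoing the pre-shared key, so the output can be pasted into a ticket.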

Nortel Networks Inc.

Issue 01.01 (30 March 2009)