Nortel Secure Router 8000 Series
Troubleshooting - VAS

2 IPSec and IKE troubleshooting

[RouterA-ike-peer-routerb] remote-address 202.38.162.1

1. Configure an ACL.

# Configure an ACL, specifying the data flow from 10.1.1.x to 10.1.2.x.

[RouterA] acl number 3101

[RouterA-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255

2. Configure an IPSec proposal.

# Specify the name of the IPSec proposal as tran1. In this proposal, set the protocol
encapsulation mode to tunnel mode, the security protocol to ESP, the authentication
algorithm to SHA1, and the encryption algorithm to DES.

[RouterA] ipsec proposal tran1

[RouterA-ipsec-proposal-tran1] encapsulation-mode tunnel

[RouterA-ipsec-proposal-tran1] transform esp

[RouterA-ipsec-proposal-tran1] esp authentication-algorithm sha1

[RouterA-ipsec-proposal-tran1] esp encryption-algorithm des

3. Configure an IPSec policy.

# Specify an IPSec policy named map1. The sequence number is 10 and the negotiation
mode is ISAKMP. In this policy, use the configured ACL and the security proposal and
specify the IKE peer.

[RouterA] ipsec policy map1 10 isakmp

[RouterA-ipsec-policy-isakmp-map1-10] security acl 3101

[RouterA-ipsec-policy-isakmp-map1-10] proposal tran1

[RouterA-ipsec-policy-isakmp-map1-10] ike-peer routerb

4. Apply the IPSec policy group.

# Apply the IPSec policy map1 on the serial interface.

[RouterA] interface Pos 1/0/1

[RouterA-Pos1/0/1] ipsec policy map1
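The ACL and the IPSec proposal configured above are the values the two peers must agree on when the IPSec SA is negotiated in Phase 2. The following check is an added example, not part of the Nortel manual: it compares the commands above with a peer's configuration and also flags the DES setting. The RouterB text is constructed, and the rule that peers hold mirror-image ACLs and identical proposals is an assumption of the example.

```python
import ipaddress
import re

# Constructed input: ROUTER_A holds the commands from the steps above. ROUTER_B is
# an assumed peer configuration (not on the page) whose ACL was copied unchanged.
ROUTER_A = """\
acl number 3101
rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
ipsec proposal tran1
encapsulation-mode tunnel
transform esp
esp authentication-algorithm sha1
esp encryption-algorithm des
"""
ROUTER_B = ROUTER_A  # constructed fault: source and destination not swapped

RULE = re.compile(r"rule permit ip source (\S+) (\S+) destination (\S+) (\S+)")
PROPOSAL_KEYS = ("encapsulation-mode", "transform",
                 "esp authentication-algorithm", "esp encryption-algorithm")

def flows(cfg):
    """Return protected flows as (source, destination) networks.
    ip_network() accepts the ACL wildcard mask in address/mask form."""
    return {(ipaddress.ip_network(f"{s}/{sw}"), ipaddress.ip_network(f"{d}/{dw}"))
            for s, sw, d, dw in RULE.findall(cfg)}

def proposal(cfg):
    """Return the proposal settings as {keyword: value}."""
    lines = [line.strip() for line in cfg.splitlines()]
    return {key: line[len(key):].strip() for line in lines
            for key in PROPOSAL_KEYS if line.startswith(key + " ")}

def check_peers(local, remote):
    """List Phase 2 mismatches between two peers' configurations."""
    problems = []
    mirrored = {(dst, src) for src, dst in flows(remote)}
    if flows(local) != mirrored:
        problems.append("ACL flows are not mirror images")
    a, b = proposal(local), proposal(remote)
    for key in PROPOSAL_KEYS:
        if a.get(key) != b.get(key):
            problems.append(f"{key}: {a.get(key)} != {b.get(key)}")
    if "des" in (a.get("esp encryption-algorithm"), b.get("esp encryption-algorithm")):
        problems.append("esp encryption-algorithm des: 56-bit key, weak")
    return problems

if __name__ == "__main__":
    for problem in check_peers(ROUTER_A, ROUTER_B):
        print(problem)
```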

2.3.3 Troubleshooting flowchart

Figure 2-6 and Figure 2-7 show the troubleshooting flows both in Phase 1 and in Phase 2.

Issue 01.01 (30 March 2009)

Nortel Networks Inc.
