
Nortel Secure Router 8000 Series
Troubleshooting - VAS

2 IPSec and IKE troubleshooting

2.5.1 Typical networking

Figure 2-10 shows the networking diagram of NAT traversal in the IPSec tunnel.

Figure 2-10 Networking diagram of IPSec NAT

[Network diagram: Router A, Router B, Firewall C, the Internet, PC A and PC B.]

The networking environment is as follows:

- A firewall (Firewall C) exists between Router A and Router B.
- Create a security tunnel between Router A and Router B.
- Set up SAs using an IPSec policy template.
- Provide security protection to the data flow between the subnetwork segments 10.1.1.x and 10.1.2.x.
- Specify the security protocol, the encryption algorithm, and the authentication algorithm.

2.5.2 Configuration notes

The internal NAT network uses the normal ISAKMP SA configurations. The following table
lists the notes and constraints.

| Item | Sub-item | Description |
|---|---|---|
| Configuring the ACL | Configure the ACL number | Use the advanced ACL, ranging from 3000 to 3999. For configuring the internal NAT network, see “Troubleshooting ISAKMP SA.” You must configure the ACL. |
| Configuring the ACL | Configure other items | See the configuration notes for “Troubleshooting ISAKMP SA.” |
| Configuring the IPSec proposal | Configure the IPSec proposal name | The name is a string of 1 to 15 characters. |
| Configuring the IPSec proposal | Configure the encapsulation mode | This must be tunnel mode. |

Issue 01.01 (30 March 2009)

Nortel Networks Inc.
