Panasonic 8000 User Manual


2 IPSec and IKE troubleshooting

Nortel Secure Router 8000 Series

Troubleshooting - VAS

| Item | Sub-item | Description |
| --- | --- | --- |
| | Configure other items | See the configuration notes for “Troubleshooting ISAKMP SA.” |
| Configuring the local ID for IKE | Configure the local ID for IKE | You must configure a local ID for IKE because NAT traversal uses aggressive IKE negotiation and the local name is configured as the local authentication type. |
| Configuring the IPSec proposal | | See the configuration notes for “Troubleshooting ISAKMP SA.” |
| Configuring the IKE peer | Configure the IKE peer name | The name is a string of 1 to 15 characters. |
| | Configure the IKE negotiation mode | Use aggressive negotiation mode. |
| | Configure the sequence number of IKE proposals | Use the default IKE proposal in aggressive mode. |
| | Configure the local ID type | Specify the local name as the local ID. |
| | Configure the authenticator | Currently, only the pre-shared key authentication type is applicable. You must configure shared keys on the peer. The shared keys of two ends in the same SA must be the same. |
| | Configure the IP address or address segments of the peer | Configure the IP addresses or address segments for the IKE peer. If high-ip-address is not specified, configure only one IP address for the IKE peer. Here, the IP address of the peer must be a unique address because the IPSec policy template does not use the IKE peer. To configure IP addresses or address segments for peers, run the remote-address [ vpn-instance vpn-instance-name ] low-ip-address [ high-ip-address ] command in the IKE proposal view. |
| | Configure the peer name | The name is a string of 1 to 15 characters. If the local authentication mode is “name,” you must specify the peer name. |
| | Enable NAT | Enable NAT. |
| Configuring the IPSec policy | | See the configuration notes for “Troubleshooting ISAKMP SA.” |
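The settings listed in the rows above can be checked for both ends of a tunnel before debugging the negotiation itself. The sketch below is an added example, not code from the manual or from Nortel; the dictionary keys and sample values are hypothetical, and the cross-check of names between the two ends is an assumption the page does not state.

```python
import hmac
import ipaddress

def check_pair(a, b):
    """Check two ends of a NAT-traversal tunnel; return a list of problems.
    a and b are hypothetical dicts, one per router, not real CLI output."""
    problems = []
    for end, cfg in (("A", a), ("B", b)):
        if cfg.get("exchange_mode") != "aggressive":
            problems.append(f"{end}: negotiation mode is not aggressive")
        if cfg.get("local_id_type") != "name":
            problems.append(f"{end}: local ID type is not name")
        if not cfg.get("local_name"):
            problems.append(f"{end}: no local ID (local name) for IKE")
        for field in ("ike_peer_name", "remote_name"):
            if not 1 <= len(cfg.get(field) or "") <= 15:
                problems.append(f"{end}: {field} must be 1 to 15 characters")
        if not cfg.get("nat_traversal"):
            problems.append(f"{end}: NAT is not enabled")
        low, high = cfg.get("remote_low"), cfg.get("remote_high")
        if low and high and ipaddress.ip_address(high) < ipaddress.ip_address(low):
            problems.append(f"{end}: high-ip-address is below low-ip-address")
    # Keys must match on both ends; compare without echoing the secret.
    ka, kb = a.get("pre_shared_key", ""), b.get("pre_shared_key", "")
    if not ka or not hmac.compare_digest(ka.encode(), kb.encode()):
        problems.append("pre-shared keys are missing or differ")
    # Assumption (not stated on the page): each end's remote name must be
    # the other end's local name for name-based identification to succeed.
    if a.get("remote_name") != b.get("local_name"):
        problems.append("A: remote_name does not match B's local_name")
    if b.get("remote_name") != a.get("local_name"):
        problems.append("B: remote_name does not match A's local_name")
    return problems

# Constructed sample data for two routers.
HQ = {"exchange_mode": "aggressive", "local_id_type": "name",
      "local_name": "hq-gw", "ike_peer_name": "to-branch",
      "remote_name": "branch-gw", "nat_traversal": True,
      "pre_shared_key": "example-key-1"}
BRANCH = {"exchange_mode": "main", "local_id_type": "name",
          "local_name": "branch-gw", "ike_peer_name": "to-hq",
          "remote_name": "hq-gateway-name-too-long", "nat_traversal": True,
          "remote_low": "203.0.113.1",
          "pre_shared_key": "example-key-2"}

if __name__ == "__main__":
    for problem in check_pair(HQ, BRANCH):
        print(problem)
```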


Nortel Networks Inc.

Issue 01.01 (30 March 2009)
