Configuring routes – Panasonic 8000 User Manual
Page 86
Attention! The text in this document has been recognized automatically. To view the original document, you can use the "Original mode".
Nortel Secure Router 8000 Series
Troubleshooting - VAS__________
2 IPSec and IKE troubleshooting
[RouterB-ipsec-policy-templet^-maptemp-10] ike-peer routerb
7.
Configure an IPSec policy.
# Configure the name of the IPSec policy to map1, the sequence number to 100, and the
negotiation mode to ISAKMP. Use the IPSec policy template maptemp.
[RouterB] ipsec policy map1 100 isakmp template maptemp
8.
Apply the IPSec policy group.
# Apply the IPSec policy map1 on the Ethernet interface.
[RouterB] interface Ethernet 2/1/0
[RouterB-Ethernet1/2/0] ipsec policy map1
Configuring routes
On Router B, there should be a route to 10.1.1.0/24 with the egress as Ethernet 2/0/1.
After IPSec packets are decapsulated, the original IP packets are displayed. NAT fails because
the original IP packets are encrypted through the ESP protocol. Packets still use the IP address
that has not been translated by the firewall. When the response packets reach Router B and
find no routes to the destination, they cannot be forwarded through the IPSec tunnel.
Issue 01.01 (30 March 2009)
Nortel Networks Inc.
2-39