Configuring a gre tunnel – Panasonic 8000 User Manual

2 IPSec and IKE troubleshooting

Nortel Secure Router 8000 Series

_________ Troubleshooting - VAS

Item

Sub-item

Description

Configure the number of

ACL rules

Configure only one ACL rule.

Configuring the
IPSec proposal

Configure the name of

the IPSec proposal

The name is a string of 1 to 15 characters.

Configure the
encapsulation mode

Transport mode or tunnel mode.

To save bandwidth, transport mode is
preferred.

Configure other items

See “Troubleshooting ISAKMP SA.”

Configuring the
local ID for
IKE

—

See “Troubleshooting ISAKMP SA”.

Configuring the
IKE proposals

—

See “Troubleshooting ISAKMP SA.”

Configuring the
IKE peer

—

See “Troubleshooting ISAKMP SA.”

Configuring the
IPSec policy

—

See “Troubleshooting ISAKMP SA.”

Applying the
IPSec policy

Configure the type and

number of interfaces

Enable IPSec on the physical interfaces on
a GRE tunnel. The source and the
destination IP addresses of the tunnel must
not be loopback addresses.

IPSec over GRE supports applying a
policy group to GRE virtual interfaces.

Configure the IPSec policy
group name

Apply only one IPSec policy group on one
interface.

For configuration notes, see
“Troubleshooting ISAKMP SA.”

Router A serves as an example of the configuration notes for GRE over IPSec. Router B and
Router A are mutually mirroring.

CQ NOTE

The following sections cover part of the commands used to configure IPSec. For more information, see
Nortel Secure Router 8000 Series Configui^ation Guide - Security (NN46240-600).

Configuring a GRE tunnel

# Encapsulate the tunnel with GRE. Configure the IP addresses for the source and destination
tunnel ends. Note that the two addresses cannot be loopback addresses.

<RouterA> system-view

[RouterA] interface tunnel 1/0/1

[RouterA-Tunnel^i/Q/i] tunnel-protocol gre

[RouterA-Tunnel^i/Q/i] source 202.38.163.1

2-44

Nortel Networks Inc.

Issue 01.01 (30 March 2009)