Q: can ah and esp be used at the same time, 9 diagnostic tools, 1 display commands – Panasonic 8000 User Manual

2 IPSec and IKE troubleshooting

Nortel Secure Router 8000 Series

Troubleshooting - VAS

The local and remote ACLs must be mutually mirrored. (When the IPSec policy template
is used, this item can be ignored.)

Q: Can AH and ESP be used at the same time?

A: They can be used either separately or together. If they are used together, the user is
authenticated twice. Nortel recommends that you do not use them at the same time.

Q: Can ESP perform only packet encryption but not authentication?

A: Nortel recommends that you do not send unauthenticated packets.

Q: Can transport mode be used when the communication port and IPSec tunnel
port are different?

A: In transport mode, if the protected data flow is not on the IPSec tunnel port (that is, the
protected flow is not on any end of the tunnel), it cannot be securely protected.

Q: What are the constraints on configuring encryption and authentication shared
keys manually?

A: The constraints are as follows:

- The shared key on the local inbound should be the same as that on the outbound of the peer.

- The shared key on the local outbound should be the same as that on the inbound of the peer.

- The shared keys on the two ends should be in the same format. For example, if on one end, the shared key is a character string, it cannot be a hexadecimal numeral on the remote end. If they are not in the same format, the IPSec tunnel setup fails.
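
The three constraints above can be checked offline before the keys are entered on either router. The following Python sketch is an added example, not part of the Nortel manual; the dictionary layout, the names check_manual_keys, SITE_A and SITE_B, and the case-insensitive comparison of hexadecimal keys are assumptions made for illustration, and the key values are constructed.

```python
import hmac

def _canon(key):
    # Assumption: hex digits compare case-insensitively; strings compare exactly.
    v = key["value"]
    return v.lower() if key["format"] == "hex" else v

def check_manual_keys(local, peer):
    """Return constraint violations between two manually keyed SA configs."""
    problems = []
    # Local inbound pairs with peer outbound, local outbound with peer inbound.
    for mine, theirs in (("inbound", "outbound"), ("outbound", "inbound")):
        for kind in ("encryption", "authentication"):
            a, b = local[mine][kind], peer[theirs][kind]
            where = f"{kind} key, local {mine} vs peer {theirs}"
            if a["format"] != b["format"]:
                # Different formats fail even if they encode the same bytes.
                problems.append(
                    f"{where}: format mismatch ({a['format']} vs {b['format']})")
            elif not hmac.compare_digest(_canon(a).encode(), _canon(b).encode()):
                # Report the location only; never echo key material.
                problems.append(f"{where}: value mismatch")
    return problems

def key(fmt, value):
    return {"format": fmt, "value": value}

# Constructed sample configurations (not real keys).
SITE_A = {
    "inbound":  {"encryption": key("hex", "A1B2C3D4"),
                 "authentication": key("string", "auth-in-A")},
    "outbound": {"encryption": key("hex", "0f0e0d0c"),
                 "authentication": key("string", "auth-out-A")},
}
SITE_B = {
    # Correct mirror of SITE_A's outbound keys.
    "inbound":  {"encryption": key("hex", "0F0E0D0C"),
                 "authentication": key("string", "auth-out-A")},
    # Encryption key matches SITE_A inbound; the authentication key is the
    # same characters written as hex, which violates the format constraint.
    "outbound": {"encryption": key("hex", "a1b2c3d4"),
                 "authentication": key("hex", "617574682d696e2d41")},
}

if __name__ == "__main__":
    for p in check_manual_keys(SITE_A, SITE_B):
        print("FAIL:", p)
```
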

Q: Can an SA that is set up using an IPSec policy template initiate an SA
negotiation?

A: The SA cannot be the negotiation initiator but it can be the responder.

Q: Why do I not need to specify the local IP address in the IPSec tunnel?

A: You can use the interface address as the local IP address after applying the IPSec policy on
an interface.

2.9 Diagnostic tools

2.9.1 Display commands

Command                        Description
display ipsec proposal name    Displays the IPSec protocol.
display ipsec policy name      Displays the IPSec policy.

Nortel Networks Inc.

Issue 01.01 (30 March 2009)