2 debugging commands, Debugging ipsec packet, 2 debugging commands -59 – Panasonic 8000 User Manual

Page 106

Attention! The text in this document has been recognized automatically. To view the original document, you can use the "Original mode".

Advertising
background image

Nortel Secure Router 8000 Series
Troubleshooting - VAS__________

2 IPSec and IKE troubleshooting

input/output securi^ty bytes: 4816/5600

input/output dropped securi^ty packets: 0/2

dropped securi^ty packet detai^l^:

no enough memory : 0

can't find SA: 2

queue is ful^l: 0

authentication is failed: 0

wrong length: 0

replay packet: 0

too long packet: 0

wrong SA : 0

input/output securi^ty packets: 56/56

The preceding display indicates the statistics of the number of input and output IPSec packets.

input/output securi^ty bytes: 4816/5600

The preceding display indicates the statistics of the number of input and output IPSec bytes.

input/output dropped securi^ty packets: 0/2

The preceding display indicates the statistics of the lost input and output packets under no
protection. The following information indicates the reasons for packet loss:

no enough memory: 0

The preceding display indicates the statistics of packets lost due to memory shortage. This
situation rarely occurs.

can't find SA: 2

The preceding display shows the statistics of the packets dropped because no IPSec SA is
found.. To remove the fault, see “Troubleshooting ISAKMP SA.”

queue is full: 0

The preceding display indicates that the full IPSec queue results in packet loss. That is, the
traffic is beyond the maximum IPSec transaction capability. When the traffic recovers, the
fault disappears.

2.9.2 Debugging commands

Command

Description

debugging ipsec packet

Debugs the IPSec packet.

debugging ike error

Debugs IKE errors.

debugging ipsec packet

IPSec drop packet! Noti^f^ IKE to negotiate SA for IPsec policy: map2-10

The packets are sent from the interface that uses the IPSec policy group. The packets match
the ACL used in policy map2-10, and the packets should be protected by IPSec. However, no

SA is set up. An IKE negotiation is then initiated to set up SAs based on the IPSec policy map

2-10 and packets that trigger the negotiation are dropped.

IPSec drop packet! IKE is negotiat^ing SA for IPsec policy: map2-10

Issue 01.01 (30 March 2009)

Nortel Networks Inc.

2-59

Advertising
Popular Brands
Popular manuals