2 troubleshooting manual ipsec sa setup, 1 typical networking, 2 configuration notes – Panasonic 8000 User Manual
2 IPSec and IKE troubleshooting
Nortel Secure Router 8000 Series
Troubleshooting - VAS
Main mode: Isolates the shared key exchange from the authentication information to ensure the user’s identity.
Aggressive mode: Allows transmitting payloads related to the SA, shared key, and authentication.
2.2 Troubleshooting manual IPSec SA setup
This section covers the following topics:
2.2.1 Typical networking
Based on Figure 2-3, you can set up an IPSec SA manually.
Figure 2-3 Networking diagram of the manual IPSec SA setup
[Figure: Router A and Router B connected through POS interfaces across the Internet, each with an attached network segment (10.1.1.x and 10.1.2.x).]
The networking environment is as follows:
• Set up the IPSec SA manually.
• Create a security tunnel between Router A and Router B.
• Provide security protection to the data flow between the two network segments 10.1.1.x and 10.1.2.x.
• Specify the security protocol, the encryption algorithm, and the authentication algorithm.
2.2.2 Configuration notes
| Item | Sub-item | Description |
|---|---|---|
| Configuring the ACL | Configure the ACL number | Use the advanced Access Control List (ACL), ranging from 3000 to 3999. |
| | Configure the source and destination address specified in ACL rules | Specify the source and destination IP address of the data flow to protect. Nortel recommends that you avoid using the keyword any. |
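The following added example (not part of the Nortel manual) checks the traffic selectors planned for both ends of the tunnel against the notes above before they are entered on the routers. It goes one step beyond the notes by also checking that the two ends mirror each other, which manual IPSec SAs need in order to protect the same flow in both directions. The Rule structure, the ACL number 3101, the /24 prefix lengths and the assignment of segments to routers are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

ADVANCED_ACL = range(3000, 4000)  # advanced ACL numbers, 3000 to 3999


@dataclass(frozen=True)
class Rule:
    """One planned ACL rule (hypothetical structure, not router CLI syntax)."""
    acl: int
    src: str  # CIDR prefix, or the keyword "any"
    dst: str


def check_rule(rule):
    """Return findings for one rule against the configuration notes."""
    findings = []
    if rule.acl not in ADVANCED_ACL:
        findings.append(f"ACL {rule.acl}: number outside advanced range 3000-3999")
    for side, value in (("source", rule.src), ("destination", rule.dst)):
        if value.lower() == "any":
            findings.append(f"ACL {rule.acl}: {side} uses keyword 'any'")
            continue
        try:
            ipaddress.ip_network(value)  # strict: host bits must be zero
        except ValueError:
            findings.append(f"ACL {rule.acl}: {side} '{value}' is not a valid prefix")
    return findings


def check_pair(local, remote):
    """Check both tunnel ends: each rule valid, and selectors mirrored."""
    findings = check_rule(local) + check_rule(remote)
    if not findings:
        near = (ipaddress.ip_network(local.src), ipaddress.ip_network(local.dst))
        far = (ipaddress.ip_network(remote.dst), ipaddress.ip_network(remote.src))
        if near != far:
            findings.append("rules are not mirror images of each other")
    return findings


# Constructed sample plan for the two segments in Figure 2-3 (assumed /24).
ROUTER_A = Rule(3101, "10.1.1.0/24", "10.1.2.0/24")
ROUTER_B = Rule(3101, "10.1.2.0/24", "10.1.1.0/24")

if __name__ == "__main__":
    print(check_pair(ROUTER_A, ROUTER_B) or "plan is consistent")
    print(check_rule(Rule(2001, "any", "10.1.2.0/24")))
```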
Nortel Networks Inc.
Issue 01.01 (30 March 2009)