Configuring an ACL, Configuring an IPSec proposal – Panasonic 8000 User Manual


Nortel Secure Router 8000 Series
Troubleshooting - VAS

2 IPSec and IKE troubleshooting

Item: Configuring the IPSec policy group application

Sub-items:
Configure the interface type and ID
Configure the name of the IPSec policy group

Description:

The Secure Router 8000 Series implements IPSec not only on physical interfaces, such as the serial interface and the Ethernet interface, but also on virtual interfaces, such as the tunnel interface and the virtual template interface. That is, IPSec can also be applied to a GRE or L2TP tunnel.

Applying an IPSec policy group to an interface puts all IPSec policies in the group into use, so that different data flows can be protected by different IPSec policies.

Note that an interface can be configured with only one IPSec policy group. If another policy group is required, remove the previous group first. One policy group can be applied to several interfaces.

Outbound packets are checked against the IPSec policies in order, starting with the policy that has the lowest sequence number. If a packet matches an ACL rule, the policy using that ACL is applied. If it does not match, the packet is checked against the following policies. Finally, if no matching ACL rule is configured, the packet is sent directly without security protection.

The configuration notes for setting up SAs manually use Router A as the example. The configuration of Router B mirrors that of Router A.


NOTE

The following sections cover part of the commands for configuring IPSec SA. For more information, see
Nortel Secure Router 8000 Series Configuration Guide - Security (NN46240-600).

Configuring an ACL

# Configure an ACL, permitting the data flow from 10.1.1.x to 10.1.2.x.

[RouterA] acl number 3101
[RouterA-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
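
The policy lookup described in the table above (lowest sequence number first, an ACL match selects the policy, no match means no protection), applied to ACL 3101, as an added example that is not part of the Nortel manual. ACL 3102, the sequence numbers 10 and 20 and the sample flows are constructed for the illustration, and only permit rules are modelled.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard mask is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF  # a wildcard bit of 1 means "don't care"
    return (a & care) == (b & care)

def acl_matches(rules, src, dst):
    """Only permit rules are modelled, as in the ACL shown on this page."""
    return any(wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw)
               for sb, sw, db, dw in rules)

def select_policy(policies, acls, src, dst):
    """Walk policies by ascending sequence number and return the first whose
    ACL matches, or None when the packet leaves without IPSec protection."""
    for seq, acl_number in sorted(policies):
        if acl_matches(acls[acl_number], src, dst):
            return seq
    return None

# ACL 3101 is the rule from this page; ACL 3102 is constructed.
# Each rule: (source, source wildcard, destination, destination wildcard).
ACLS = {
    3101: [("10.1.1.0", "0.0.0.255", "10.1.2.0", "0.0.0.255")],
    3102: [("10.1.1.0", "0.0.0.255", "10.1.3.0", "0.0.0.255")],
}
# (sequence number, ACL number); both sequence numbers are constructed.
POLICIES = [(20, 3102), (10, 3101)]

# Constructed sample flows leaving the interface: (source, destination).
FLOWS = [("10.1.1.5", "10.1.2.9"), ("10.1.1.5", "10.1.3.1"),
         ("10.1.1.5", "10.1.4.1"), ("10.1.5.7", "10.1.2.9")]

def unprotected(flows):
    """Flows that match no policy and are therefore sent without protection."""
    return [f for f in flows if select_policy(POLICIES, ACLS, *f) is None]

if __name__ == "__main__":
    for src, dst in FLOWS:
        seq = select_policy(POLICIES, ACLS, src, dst)
        label = f"policy {seq}" if seq is not None else "no policy (unprotected)"
        print(f"{src} -> {dst}: {label}")
```

Running the same walk over the ACLs actually configured on a router shows which flows fall through every policy and leave the interface unprotected.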

Configuring an IPSec proposal

# Configure the name of the IPSec proposal to tran1, the encapsulation mode to tunnel mode,
the protocol to ESP, the authentication algorithm to SHA-1, and the encryption algorithm to
DES.

[RouterA-ipsec-proposal-tran1] encapsulation-mode tunnel
[RouterA-ipsec-proposal-tran1] transform esp
[RouterA-ipsec-proposal-tran1] esp authentication-algorithm sha1
[RouterA-ipsec-proposal-tran1] esp encryption-algorithm des

Issue 01.01 (30 March 2009)

Nortel Networks Inc.

2-9
