Panasonic 8000 User Manual

Nortel Secure Router 8000 Series
Troubleshooting - VAS__________

2 IPSec and IKE troubleshooting

Item

Sub-item

Description

Configure the IKE

proposal ID

In main mode, use the configured IKE
proposal.

In aggressive mode, use the default IKE
proposal.

Configure the local ID

type

Specify the IKE ID. This can be an IP

address or the name of the IKE peer.

In main mode, only the IP address can be
the local ID. By default, the IP address is
the IKE ID.

Configure the

authenticator

Currently, only the pre-shared key
authentication type is applicable.

You need to configure shared keys on the
peer. The shared keys at two ends must be
the same.

Configure the IP
addresses or address
segments of the peer

Configure the IP addresses or address
segments for the IKE peer. If
high-ip-address is not specified, configure
only one IP address for the IKE peer.

Here, the peer should be configured as an IP
address, but not an IP address segment

Configure the peer

The name is a string of 1 to 15 characters.

name

If “name” is used as the local authentication
mode, specify the peer name.

Enable NAT

By default, NAT is disabled.

Before configuring the IKE peer, disable

NAT

Configuring
IPSec policies

Configure the name of

the IPSec policy

The name is a string of 1 to 15 characters.

Policies with the same name are in a policy
group. The name and sequence number
define one policy; each policy group has a
maximum of 100 policies.

Configure the sequence

number of the IPSec
policy

The sequence number ranges from 1 to

10000. The lower the value, the higher the

priority.

Configure the

negotiation mode

Set up SAs in ISAKMP mode.

Configure the ACL

Each IPSec policy can use only one ACL.

Configure the IPSec

protocol

The security protocol, algorithm, and
encapsulation type must be the same on the
two ends of the tunnel.

Configure the IKE peer

The IPSec policy uses the IKE peer.

Issue 01.01 (30 March 2009)

Nortel Networks Inc.

2-17