1 typical networking, 1 typical networking -24, 4 troubleshooting sa setup – Panasonic 8000 User Manual
Page 71: Using an ipsec policy template
Attention! The text in this document has been recognized automatically. To view the original document, you can use the "Original mode".
2 IPSec and IKE troubleshooting
Nortel Secure Router 8000 Series
_________ Troubleshooting - VAS
dropped securi^ty packet detai^l^:
no enough memory : 0
can't find SA: 2
queue is ful^l: 0
authent^ication is fa i^led: 0
wrong length: 0
replay packet: 0
too long packet: 0
wrong SA : 0
wi^th secp .process packets fai^lure stat^istics:
m2cqueue fu^l: 0 m2csend: 0 m2ctimer: 0
c2mid: 0 c2msequence : 0 secpprocess: 0
Yon can view the sent and received IPSec packets. Routers can classify lost packets based on
packet loss causes.
If the fault persists, contact Nortel technical support.
----End
2.4 Troubleshooting SA setup using an IPSec policy
template
This section covers the following topics:
•
•
Troubleshooting flowchart
•
2.4.1 Typical networking
Some uncertain factors exist in the network, such as the IP addresses of mobile users. IP
addresses assigned to mobile users differ each time they dial in. In this way, the IP addresses
of IPSec tunnel ends and the protected data flow are not specified and problems occur with
IPSec deployment. In this case, configure an IPSec policy template on the receiver.
Figure 2-8 shows the networking diagram for setting up SAs using an IPSec policy template.
Based on this diagram, you can also remove faults occurring in SA setup.
2-24
Nortel Networks Inc.
Issue 01.01 (30 March 2009)