Panasonic 8000 User Manual
Page 79
Attention! The text in this document has been recognized automatically. To view the original document, you can use the "Original mode".
2 IPSec and IKE troubleshooting
Nortel Secure Router 8000 Series
_________ Troubleshooting - VAS
IPsec policy name: "map1"
sequence number: 10
mode: isakmp
security data flow : 3101
ike-peer name:
routerc
perfect forward secrecy: None
proposal name:
tran2
IPsec sa local durat^ion(t^ime based): 3600 seconds
IPsec sa local durat^ion(t^raffic based): 1843200 kilobytes
IPsec policy name: "map1"
sequence number: 100
mode: template
policy template name: maptemp
<RouterA> display ipsec policy brief
IPsec-Po licy-Name Mode acl ike-peer
Local-Address Remote-Address
map1-10
isakmp 3101 routerc
map1-100
template
Based on the preceding display, view the priorities of the policies; that is, check whether the
sequence number of the policy that uses the IPSec policy template is the highest.
For information about checking other items, see the troubleshooting procedure for
“Troubleshooting ISAKMP SA.”
If IPSec policies are correct, continue with the following steps.
Step 5 Check whether IPSec can encapsulate or decapsulate packets based on SAs.
Use the debugging ipsec packet command to view IPSec packet encapsulation and
decapsulation.
You can also use the display ipsec statistics command. For details, see the troubleshooting
procedure for “Troubleshooting ISAKMP SA.”
If the fault remains, contact Nortel technical support.
----End
2.5 Troubleshooting NAT traversal in the IPSec tunnel
This section covers the following topics:
•
•
•
2-32
Nortel Networks Inc.
Issue 01.01 (30 March 2009)