Firewall c router a – Panasonic 8000 User Manual

2 IPSec and IKE troubleshooting

Nortel Secure Router 8000 Series

_________ Troubleshooting - VAS

Item

Sub-item

Description

Configure the IP
addresses or
address segments
of the peer

Configure the IP addresses or address segments for
an IKE peer. If high-ip-address is not specified,
configure only one IP address for an IKE peer.

Here, the IP address of the peer must be a unique
address because the IPSec policy template does
not use the IKE peer.

To configure IP addresses or address segments for
peers, run the remote-address [ vpn-instance

vpn-instance-name

]

lo^-ip-address

[

high-ip-address

] command in the IKE proposal

view.

Configure the

peer name

The name is a string of 1 to 15 characters.

If the local authentication mode is “name,” you
must specify the peer name.

Enable NAT

Enable NAT.

Configuring the
IPSec policy

template

—

See the configuration notes for “Troubleshooting
SA setup using an IPSec policy template.”

Configuring the
IPSec policies
and applying the
IPSec policy

template

See the configuration notes for “Troubleshooting
SA setup using an IPSec policy template.”

Applying the
IPSec policy
group

—

See the configuration notes for “Troubleshooting
SA setup using an IPSec policy template.”

Firewall C

Router A

Configure Router A, Firewall C, and Router B.

CP

NOTE

The commands listed in the following sections cover part of IPSec configuration. For more information,
see Nortel Secure Router 8000 Series Configuration Guide - Security (NN46240-600).

Configure routes and an address pool with addresses from 202.38.162.11 to 202.38.162.20 on
Firewall C. Enable NAT on the egress Ethernet 0/0/1.

CP

NOTE

For information about firewall configuration, see the related firewall configuration documentation.

For detailed configuration information and precautions, see the configuration notes for
“Troubleshooting ISAKMP SA.”

1.

Configure the IKE local ID.

2-36

Nortel Networks Inc.

Issue 01.01 (30 March 2009)