Router b, Router -9 – Panasonic 8000 User Manual

Page 85


2 IPSec and IKE troubleshooting

Nortel Secure Router 8000 Series

Troubleshooting - VAS

Router B

[RouterA-Ethernet1/2/0] ipsec policy map1

For information about configuring Router B, see the configuration notes for “Troubleshooting SA setup using an IPSec policy template.”

1. Configure the local ID for IKE.

# Configure the local ID of the host in aggressive IKE negotiation mode.

<RouterB> system-view

[RouterB] ike local-name routerb

2. Configure IKE proposals.

If no proposal is configured, the remote IKE ends use the default IKE proposals.

3. Configure the IKE peer.

# Configure the name of the IKE peer to routera, use aggressive negotiation mode, set
“name” as the local ID authentication type, and preset the shared key to nortel. Enable
NAT traversal on it.

Note the following:

The shared keys configured on the connected peer must be consistent.

“Name” is used as the ID authentication type. The remote name must be the same as the
local IKE ID configured on the peer through the ike local-name command.

You need not configure the remote IP address.

[RouterB] ike peer routera

[RouterB-ike-peer-routera] exchange-mode aggressive

[RouterB-ike-peer-routera] local-id-type name

[RouterB-ike-peer-routera] pre-shared-key nortel

[RouterB-ike-peer-routera] remote-name routera

[RouterB-ike-peer-routera] nat traversal

4. Configure an ACL.

No ACL is configured; that is, the data to protect is unspecified but defined in the ACL
rules of the negotiation initiator.

5. Configure an IPSec proposal.

# Configure the name of IPSec proposal to tran1. The proposal uses the tunnel mode,
SHA-1 authentication algorithm, and DES encryption algorithm.

[RouterB] ipsec proposal tran1

[RouterB-ipsec-proposal-tran1] encapsulation-mode tunnel

[RouterB-ipsec-proposal-tran1] transform esp

[RouterB-ipsec-proposal-tran1] esp authentication-algorithm sha1

[RouterB-ipsec-proposal-tran1] esp encryption-algorithm des

6. Configure an IPSec policy template.

# Configure the name of the IPSec policy template to maptemp and the sequence number
to 10. The ACL is not required. Use the configured IPSec proposal tran1 and configure
the IKE peer to routerb.

[RouterB] ipsec policy-template maptemp 10

[RouterB-ipsec-policy-templet-maptemp-10] proposal tran1
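The notes in step 3 (consistent shared keys, and a remote name equal to the other end's ike local-name) can be checked offline before troubleshooting on the routers. The following Python script is an added example, not part of the Nortel manual: the function names, the indented configuration layout and the Router A text are assumptions, with Router A constructed as a mirror image of the Router B commands above.

```python
import re

# Constructed sample: Router B repeats the commands on this page; Router A is
# an assumed mirror-image configuration, not taken from the manual.
ROUTER_B = """\
ike local-name routerb
ike peer routera
 exchange-mode aggressive
 local-id-type name
 pre-shared-key nortel
 remote-name routera
 nat traversal
"""
ROUTER_A = """\
ike local-name routera
ike peer routerb
 exchange-mode aggressive
 local-id-type name
 pre-shared-key nortel
 remote-name routerb
 nat traversal
"""

def parse(config):
    """Return (ike local-name, {peer name: {command: argument}})."""
    local_name, peers, current = None, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ike local-name (\S+)", line):
            local_name, current = m.group(1), None
        elif m := re.fullmatch(r"ike peer (\S+)", line):
            current = peers.setdefault(m.group(1), {})
        elif current is not None and raw[:1].isspace() and line:
            command, _, argument = line.rpartition(" ")  # indented peer setting
            current[command] = argument
    return local_name, peers

def check_ends(cfg_x, cfg_y):
    """Return the step 3 notes that this pair of configurations violates."""
    (name_x, peers_x), (name_y, peers_y) = parse(cfg_x), parse(cfg_y)
    problems = []
    for peers, their_name in ((peers_x, name_y), (peers_y, name_x)):
        for peer_name, peer in peers.items():
            # With the "name" ID type, remote-name must be the other end's local ID.
            if peer.get("local-id-type") == "name" and peer.get("remote-name") != their_name:
                problems.append(f"peer {peer_name}: remote-name != {their_name!r}")
    keys = {p.get("pre-shared-key") for p in (*peers_x.values(), *peers_y.values())}
    if len(keys) > 1:
        problems.append("pre-shared-key differs between the two ends")
    return problems
```

An empty list from `check_ends(ROUTER_A, ROUTER_B)` means both notes hold for the pair; each string in a non-empty list names the setting to correct.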

2-38

Nortel Networks Inc.

Issue 01.01 (30 March 2009)
