
2 IPSec and IKE troubleshooting

Nortel Secure Router 8000 Series

Troubleshooting - VAS

Use the display ipsec proposal name command to check whether the IPSec proposals specified on
the two ends are the same.

<RouterA> display ipsec proposal name tran1
IPsec proposal name : tran1
encapsulation mode: tunnel
transform: esp-new
ESP protocol: authentication sha1-hmac-96, encryption des

Use the preceding command on Router A and Router B to view the constraint conditions. If
the IPSec proposals are correct, continue with the following steps.

Step 6 Check that IPSec can encapsulate or decapsulate inbound and outbound packets.

Use the debugging ipsec packet command to check whether IPSec can encapsulate or decapsulate
packets.

You can also use the display ipsec statistics command to view IPSec statistics. See the
troubleshooting procedure for “Troubleshooting ISAKMP SA.”

Step 7 Check that the IPSec tunnel ends in the external and internal NAT networks are routable.

If Router B has no route to 10.1.1.0/24, use the debugging ipsec packet and the display ipsec
statistics commands to determine the following:

Router A can send the encapsulated IPSec packets but cannot decapsulate packets.

Router B can receive and decapsulate IPSec packets but cannot encapsulate packets.

In this case, you need to specify a route to 10.1.1.0/24 on Router B.

NOTE

In the internal NAT network, Router A uses the private IP address. It is not advisable to configure a
private route from Router B to Router A. In an actual application, PC A and PC B are configured with
loopback addresses.

If the fault persists, contact Nortel technical support.

----End
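
The proposal check at the start of this procedure can be scripted once the display ipsec proposal output has been captured from both routers. The following Python is an added example, not taken from the Nortel manual: it parses both outputs and reports every setting that differs. Router B's output is constructed, and the function names and the decision to ignore the proposal name (treated here as a local label) are assumptions.

```python
# Router A output as shown in the manual. Router B output is constructed
# for this example; its encryption value differs on purpose.
ROUTER_A = """\
<RouterA> display ipsec proposal name tran1
IPsec proposal name : tran1
 encapsulation mode: tunnel
 transform: esp-new
 ESP protocol: authentication sha1-hmac-96, encryption des
"""
ROUTER_B = """\
<RouterB> display ipsec proposal name tran1
IPsec proposal name : tran1
 encapsulation mode: tunnel
 transform: esp-new
 ESP protocol: authentication sha1-hmac-96, encryption 3des
"""

def parse_proposal(text):
    """Turn 'display ipsec proposal' output into a flat dict of settings."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # prompt, banner or blank line
        key = " ".join(key.lower().split())
        value = value.strip().lower()
        if key.endswith("protocol"):
            # "authentication X, encryption Y" -> one entry per algorithm
            proto = key.split()[0]
            for part in value.split(","):
                words = part.split()
                if len(words) == 2:
                    fields[f"{proto} {words[0]}"] = words[1]
        else:
            fields[key] = value
    return fields

def compare_proposals(a_text, b_text, ignore=("ipsec proposal name",)):
    """Return {setting: (value_on_A, value_on_B)} for every mismatch.

    A setting missing on one side is reported with None for that side.
    Assumption: the proposal name is a local label, so it is ignored.
    """
    a, b = parse_proposal(a_text), parse_proposal(b_text)
    keys = sorted((set(a) | set(b)) - set(ignore))
    return {k: (a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)}

if __name__ == "__main__":
    for setting, (va, vb) in compare_proposals(ROUTER_A, ROUTER_B).items():
        print(f"MISMATCH {setting}: RouterA={va} RouterB={vb}")
```

An empty result means the two proposals agree on every parsed setting, so the procedure continues with Step 6.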

2.6 Troubleshooting GRE over IPSec or L2TP over IPSec

This section covers the following topics:

Typical networking

Configuration notes

Troubleshooting flowchart

Troubleshooting procedure

2.6.1 Typical networking

The basic concepts of GRE over IPSec and L2TP over IPSec are the same. That is, traffic
is first encapsulated with GRE or L2TP and then with IPSec. The processing of IPSec packets
and common IP packets is almost the same. In practice, IPSec packets are the data transmitted
between the two IPSec tunnel ends.

Figure 2-12 shows GRE over IPSec. The troubleshooting procedure is based on this diagram.


Nortel Networks Inc.

Issue 01.01 (30 March 2009)
