Configuring ike proposals, Configuring the ike peer, Configuring an acl – Panasonic 8000 User Manual

Page 92: Configuring an ipsec proposal, Configuring an ipsec policy, Applying the ipsec policy group


Nortel Secure Router 8000 Series
Troubleshooting - VAS

2 IPSec and IKE troubleshooting

[RouterA-Tunnel1/0/1] destination 202.38.162.1

Configuring IKE proposals

If no IKE proposal is configured, the remote end uses default IKE proposals.

Configuring the IKE peer

# Name the IKE peer routerb and use aggressive negotiation mode. Preset the shared key
to nortel. Note that the shared keys configured on the two ends must be consistent.
Configure the IP address 202.38.162.1 for the remote end.

[RouterA] ike peer routerb

[RouterA-ike-peer-routerb] exchange-mode aggressive

[RouterA-ike-peer-routerb] pre-shared-key nortel

[RouterA-ike-peer-routerb] remote-address 202.38.162.1

Configuring an ACL

# Configure an ACL, defining the protected GRE packets.

[RouterA] acl number 3101

[RouterA-acl-adv-3101] rule permit gre source 202.38.163.1 0 destination 202.38.162.1 0

Configuring an IPSec proposal

# Configure the name of the IPSec proposal to tran1 and use transport mode to save
bandwidth. The policy uses the ESP security protocol, the SHA-1 authentication algorithm,
and the DES encryption algorithm.

[RouterA] ipsec proposal tran1

[RouterA-ipsec-proposal-tran1] encapsulation-mode transport

[RouterA-ipsec-proposal-tran1] transform esp

[RouterA-ipsec-proposal-tran1] esp authentication-algorithm sha1

[RouterA-ipsec-proposal-tran1] esp encryption-algorithm des

Configuring an IPSec policy

# Configure the name of the IPSec policy to map1, the sequence number to 10, and the
negotiation mode to ISAKMP. Apply the configured ACL and IPSec proposal tran1 to the
policy. Configure the IKE peer to routerb.

[RouterA] ipsec policy map1 10 isakmp

[RouterA-ipsec-policy-isakmp-map1-10] security acl 3101

[RouterA-ipsec-policy-isakmp-map1-10] proposal tran1

[RouterA-ipsec-policy-isakmp-map1-10] ike-peer routerb

Applying the IPSec policy group

# Apply the IPSec policy group map1 on the specified interface.

Note that the interface should be the physical interface on the tunnel with the source address
202.38.163.1. It should not be the GRE virtual interface tunnel 1/0/1.

[RouterA] interface Pos 1/0/1

[RouterA-Pos1/0/1] ipsec policy map1
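
The following is an added example, not part of the Nortel manual: a Python check that reads a transcript of the commands above and flags single DES, aggressive mode combined with a pre-shared key, a short key, a policy bound to the tunnel interface, and a policy that references an undefined ACL, proposal or IKE peer. The function name, the finding codes and the 20-character key threshold are assumptions made for this example.

```python
import re

# Constructed input: RouterA commands from this page (lines the checks ignore omitted).
SAMPLE = """\
[RouterA] ike peer routerb
[RouterA-ike-peer-routerb] exchange-mode aggressive
[RouterA-ike-peer-routerb] pre-shared-key nortel
[RouterA] acl number 3101
[RouterA-acl-adv-3101] rule permit gre source 202.38.163.1 0 destination 202.38.162.1 0
[RouterA] ipsec proposal tran1
[RouterA-ipsec-proposal-tran1] esp authentication-algorithm sha1
[RouterA-ipsec-proposal-tran1] esp encryption-algorithm des
[RouterA] ipsec policy map1 10 isakmp
[RouterA-ipsec-policy-isakmp-map1-10] security acl 3101
[RouterA-ipsec-policy-isakmp-map1-10] proposal tran1
[RouterA-ipsec-policy-isakmp-map1-10] ike-peer routerb
[RouterA] interface Pos 1/0/1
[RouterA-Pos1/0/1] ipsec policy map1
"""
DEFS = {"acl number": "acl", "ipsec proposal": "proposal", "ike peer": "ike-peer"}
USES = {"security acl": "acl", "proposal": "proposal", "ike-peer": "ike-peer"}

def audit(transcript, min_psk_len=20):  # threshold is an assumed local policy
    """Return sorted finding codes; assumes a single IKE peer in the transcript."""
    defined, used, findings = set(), set(), set()
    aggressive, psk, iface = False, None, ""
    for line in transcript.splitlines():
        c = re.sub(r"^\s*\[[^\]]*\]\s*", "", line).strip()  # drop the CLI prompt
        w = c.split()
        for table, bucket in ((DEFS, defined), (USES, used)):
            for prefix, kind in table.items():
                if c.startswith(prefix + " "):
                    bucket.add((kind, c[len(prefix):].split()[0]))
        if w[:1] == ["interface"]:
            iface = "".join(w[1:]).lower()
        if w[:2] == ["ipsec", "policy"] and len(w) == 3 and iface.startswith("tunnel"):
            findings.add("POLICY_ON_TUNNEL_IF")  # page: bind to the physical interface
        aggressive |= c == "exchange-mode aggressive"
        if len(w) == 2 and w[0] == "pre-shared-key":
            psk = w[1]
        if c == "esp encryption-algorithm des":
            findings.add("WEAK_ENC_DES")  # single DES has a 56-bit key
    if aggressive and psk:
        findings.add("AGGRESSIVE_MODE_PSK")  # PSK-derived hash is open to offline guessing
    if psk is not None and len(psk) < min_psk_len:
        findings.add("SHORT_PSK")
    findings |= {f"UNDEFINED_{kind}:{name}" for kind, name in used - defined}
    return sorted(findings)
```

Calling audit(SAMPLE) on the configuration from this page returns AGGRESSIVE_MODE_PSK, SHORT_PSK and WEAK_ENC_DES.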

Issue 01.01 (30 March 2009)

Nortel Networks Inc.

2-45
