Router User Manual
Nortel Secure Router 8000 Series
Troubleshooting - VAS 2 IPSec and IKE troubleshooting
Issue 01.01 (30 March 2009) Nortel Networks Inc. 2-57
You can use the dh { group1 | group2 } command to modify the configuration.
duration(seconds)
This indicates the ISAKMP SA duration in IKE proposals.
You can use the sa duration command to modify the configuration. To ensure secure
communication in ISAKMP SA updates, set the duration to more than 10 minutes.
display ike peer name
<RouterA> display ike peer name routerb
---------------------------
IKE Peer: routerb
exchange mode: aggressive on phase 1
pre-shared-key: nortel
proposal:
local id type: name
peer ip address: 202.38.162.1
peer name: routerb
nat traversal: disable
---------------------------
exchange mode: aggressive on phase 1
The preceding configuration displays two IKE negotiation modes: aggressive mode
(aggressive on phase 1) and main mode (main on phase 1).
You can use the exchange-mode { main | aggressive } command to modify the
configuration.
pre-shared-key: nortel
The preceding configuration displays the identity authenticator of the pre-shared key.
You can use the pre-shared-key command to modify the configuration.
proposal:
The preceding configuration displays the IKE proposals. Here, the null display indicates using
default IKE proposals.
You can use the ike-proposal command to modify the configuration.
local id type: name
The preceding configuration displays the local ID type, which can be the IP address or the
name. In main mode, use only the IP address as the local ID.
You can use the local-id-type { ip | name } command to modify the configuration.
peer ip address: 202.38.162.1
The preceding configuration displays the peer IP address.
You can use the remote-address command to modify the configuration.
peer name: routerb
The preceding configuration displays the peer name, which is also the peer ID.
You can use the remote-name command to modify the configuration.