Router User Manual

Nortel Secure Router 8000 Series
Troubleshooting - VAS 2 IPSec and IKE troubleshooting
Issue 01.01 (30 March 2009) Nortel Networks Inc. 2-7
| Item | Sub-item | Description |
|---|---|---|
| | Configure the source and destination port specified in ACL rules | Optional. |
| | Configure the other items in ACL rules | Not required. |
| | Configure the number of ACL rules | Configure only one rule. |
| Configuring the IPSec proposal | Configure the name of the IPSec proposal | The name is a string of 1 to 15 characters. |
| Configuring the IPSec proposal | Configure the encapsulation mode | Transport mode or tunnel mode. |
| Configuring the IPSec proposal | Configure the security protocol | AH, ESP, or AH-ESP. |
| Configuring the IPSec proposal | Configure the authentication algorithm | MD5 or SHA-1. |
| Configuring the IPSec proposal | Configure the encryption algorithm | DES or 3DES. |
| Configuring the IPSec policy | Configure the name of the IPSec policy | The name is a string of 1 to 15 characters. Policies with the same name are in a policy group. The name and sequence number define one policy; each policy group has a maximum of 10000 policies. |
| Configuring the IPSec policy | Configure the sequence number of the IPSec policy | The sequence number ranges from 1 to 10000. The lower the value, the higher the priority. |
| Configuring the IPSec policy | Configure the negotiation mode | Set up SAs manually. |
| Configuring the IPSec policy | Configure the ACL | Each security policy can use only one ACL rule. If there are several ACL rules, the last configured ACL takes effect. |
| Configuring the IPSec policy | Configure the IPSec protocol used | In IPSec SA manual setup, each policy can use only one proposal. Remove the previously configured proposal before you establish a new one. The security protocol, the algorithm, and the encapsulation type must be the same on the two ends of the tunnel. |
| Configuring the IPSec policy | Configure the IP address of the peer | The IP address for the peer. |
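
The checks in this table can be applied mechanically to the settings recorded for both ends of a manually keyed tunnel. The following Python check is an added example, not part of the Nortel documentation; the dictionary field names and the sample values are hypothetical and are not Secure Router CLI keywords.

```python
# Added example: field names are hypothetical, not Secure Router CLI keywords.
ALLOWED = {
    "encapsulation": {"transport", "tunnel"},
    "protocol": {"ah", "esp", "ah-esp"},
    "authentication": {"md5", "sha-1"},
    "encryption": {"des", "3des"},
}
MUST_MATCH = ("encapsulation", "protocol", "authentication", "encryption")


def check_end(cfg):
    """Return the checklist violations found in one end's settings."""
    problems = []
    for key in ("proposal_name", "policy_name"):
        if not 1 <= len(cfg.get(key, "")) <= 15:
            problems.append(f"{key}: must be 1 to 15 characters")
    if not 1 <= cfg.get("sequence", 0) <= 10000:
        problems.append("sequence: must be in the range 1 to 10000")
    for key, allowed in ALLOWED.items():
        # AH provides no encryption, so an AH-only proposal has no cipher to check.
        if key == "encryption" and cfg.get("protocol") == "ah":
            continue
        if cfg.get(key) not in allowed:
            problems.append(f"{key}: {cfg.get(key)!r} is not one of {sorted(allowed)}")
    if len(cfg.get("acl_rules", [])) != 1:
        problems.append("acl_rules: configure only one rule")
    if not cfg.get("peer_address"):
        problems.append("peer_address: not configured")
    return problems


def compare_ends(a, b):
    """Return the settings that differ between the two ends of the tunnel."""
    return [f"{key}: {a.get(key)!r} != {b.get(key)!r}"
            for key in MUST_MATCH if a.get(key) != b.get(key)]


# Constructed sample settings for the two ends (documentation addresses).
SITE_A = {"proposal_name": "prop1", "policy_name": "policy1", "sequence": 10,
          "encapsulation": "tunnel", "protocol": "esp", "authentication": "sha-1",
          "encryption": "3des", "acl_rules": ["rule 0"], "peer_address": "192.0.2.2"}
SITE_B = dict(SITE_A, authentication="md5", sequence=10001, peer_address="192.0.2.1")

if __name__ == "__main__":
    for name, cfg in (("A", SITE_A), ("B", SITE_B)):
        for problem in check_end(cfg):
            print(f"end {name}: {problem}")
    for mismatch in compare_ends(SITE_A, SITE_B):
        print(f"mismatch: {mismatch}")
```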