Router User Manual
Nortel Secure Router 8000 Series
Troubleshooting - VAS 2 IPSec and IKE troubleshooting
Issue 01.01 (30 March 2009) Nortel Networks Inc. 2-11
2.2.3 Troubleshooting flowchart
Figure 2-4 Troubleshooting flowchart of IPSec SA manual setup
Are the manually
configured SPIs on two ends
inretroactive agreement?
Yes
No
IPSec tunnel
fails
Can two ends of the
tunnel with no IPSec policy ping
through each other ?
The start and
the end points defined on two ends
are the same
Are adopted
IPSec proposals on two
ends consistent?
Are adopted
ACLs on two ends
mutual-mirroring?
Seek
technical
support
Modify ACLs
Modify the
adopted IPSec
proposals
Modify the start
and the end
points
Modify SPIs
Modify the
authentication
and encryption
shared keys
Are manually
configured authentication
and encryptionshared keys
in retroactive
agreement?
The fault disappears?
The fault
disappears?
The fault
disappears?
The fault
disappears?
The fault
disappears?
The fault
disappears?
The fault
disappears?
End
Check the route
and the physical
link between
them
Yes
Yes
Yes
Yes
Yes
Yes
No
No
No
No
No
No
No
No
No
No
No
No
Yes
Yes
Yes
Yes
Yes
Yes