Router User Manual

Nortel Secure Router 8000 Series
Troubleshooting - VAS 2 IPSec and IKE troubleshooting
Issue 01.01 (30 March 2009) Nortel Networks Inc. 2-15
Figure 2-5 Networking diagram of setting up ISAKMP IPSec
[Diagram: Router A and Router B connected across the Internet. Labels in the diagram: Pos1/0/1 202.38.163.1; Pos2/0/1 202.38.162.1; 10.1.1.1; 10.1.1.2; 10.1.2.1; 10.1.2.2.]
The networking environment is as follows:
- Set up IPSec SA in IKE negotiation mode.
- Create a security tunnel between Router A and Router B.
- Provide security protection to the data flow between the two network segments 10.1.1.x and 10.1.2.x.
- Specify the security protocol, the encryption algorithm, and the authentication algorithm.
2.3.2 Configuration notes
| Item | Sub-item | Description |
|---|---|---|
| Configuring the ACL | Configure the ACL number | Use the advanced ACL, ranging from 3000 to 3999. |
| Configuring the ACL | Configure the source and destination addresses specified in ACL rules | Specify the source and destination IP address of the data flow to protect. Nortel recommends that you avoid using the keyword any. |
| Configuring the ACL | Configure the source and destination ports specified in ACL rules | Optional. |
| Configuring the ACL | Configure the other items in ACL rules | Not required. |
| Configuring the ACL | Configure the number of ACL rules | Configure only one ACL rule. |
| Configuring the IPSec proposal | Configure the name of an IPSec proposal | The name of an IPSec proposal has 1 to 15 characters. |
| Configuring the IPSec proposal | Configure the encapsulation mode | Transport mode or tunnel mode. |
| Configuring the IPSec proposal | Configure the security protocol | AH, ESP, or AH-ESP. |
| Configuring the local ID for IKE | | |
| Configuring IKE proposals | | |
| | Configure the authentication algorithm | MD5 or SHA-1. |