Router User Manual

2 IPSec and IKE troubleshooting
Nortel Secure Router 8000 Series
Troubleshooting - VAS
2-16 Nortel Networks Inc. Issue 01.01 (30 March 2009)
| Item | Sub-item | Description |
|---|---|---|
| | Configure the encryption algorithm | DES or 3DES. |
| | Configure the local ID for IKE | In the aggressive negotiation mode, if name is used as the local authentication type, configure the local ID. In the main mode, the local ID is not necessary. |
| | Configure the priority of the IKE proposal | This is an integer from 1 to 100, indicating the priority of a specified IKE proposal. The lower the value, the higher the priority. |
| | Configure the authentication mode | Specify pre-shared key as the IKE proposal authentication mode. You need to configure the authenticator for pre-shared key. By default, the authentication mode is pre-shared key. |
| | Configure the authentication algorithm | MD5 or SHA-1. By default, the authentication algorithm is SHA-1. |
| | Configure the encryption algorithm | DES or 3DES. By default, the encryption algorithm is DES. |
| | Configure the Diffie-Hellman group flag | The Diffie-Hellman group flag can be group1 (768 bits) or group2 (1024 bits). By default, group1 (768 bits) is used as the Diffie-Hellman group. |
| | Configure the ISAKMP SA duration | Specify the ISAKMP SA duration, ranging from 60 to 604800 seconds. The default is 86400 seconds (one day). Before the duration expires, a new SA negotiation is set up to replace the old SA. The old SA is used until the new SA negotiation is complete. When the new SA is set up, the old one is removed. In IKE negotiation, the DH algorithm is required. To ensure secure communication in ISAKMP SA updates, configure the duration to more than 10 minutes. |
| Configuring the IKE peer | Configure the name of the IKE peer | The name is a string of 1 to 15 characters. |
| | Configure the IKE negotiation mode | Main mode or aggressive mode. By default, main mode is used. |
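
The ranges, options and defaults listed above can be checked before a configuration is applied. The following Python audit is an added example, not part of the manual or the router software. The dictionary keys are hypothetical names rather than CLI keywords, and the warning that prefers the stronger of each listed option pair is the example's own policy.

```python
# Added example: audits a planned IKE configuration against the table above.
# The dict keys are hypothetical names, not router CLI keywords.

# Options the table lists, ordered weakest -> strongest.
CHOICES = {
    "auth_algorithm": ["md5", "sha-1"],
    "encryption": ["des", "3des"],
    "dh_group": ["group1", "group2"],
}
# Defaults stated in the table; used when a field is left unset.
DEFAULTS = {
    "auth_mode": "pre-shared-key", "auth_algorithm": "sha-1",
    "encryption": "des", "dh_group": "group1",
    "sa_duration": 86400, "mode": "main",
}

def audit(cfg):
    """Return (errors, warnings) for one IKE proposal/peer config dict."""
    c = {**DEFAULTS, **cfg}
    errors, warnings = [], []
    if not 1 <= c.get("priority", 0) <= 100:
        errors.append("priority must be an integer from 1 to 100")
    if not 1 <= len(c.get("peer_name", "")) <= 15:
        errors.append("peer name must be 1 to 15 characters")
    if c["mode"] not in ("main", "aggressive"):
        errors.append("mode must be main or aggressive")
    for field, options in CHOICES.items():
        if c[field] not in options:
            errors.append(f"{field} must be one of {options}")
        elif c[field] != options[-1]:
            warnings.append(f"{field}={c[field]}: prefer {options[-1]}")
    if not 60 <= c["sa_duration"] <= 604800:
        errors.append("sa_duration must be 60 to 604800 seconds")
    elif c["sa_duration"] <= 600:
        warnings.append("sa_duration should be more than 10 minutes")
    # Aggressive mode with name-based authentication needs a local ID.
    if (c["mode"] == "aggressive" and c.get("local_id_type") == "name"
            and not c.get("local_id")):
        errors.append("aggressive mode with name type requires local_id")
    return errors, warnings

if __name__ == "__main__":
    # Constructed sample: only priority and peer name set, rest defaults.
    for line in sum(audit({"priority": 10, "peer_name": "branch1"}), []):
        print(line)
```

Run against a configuration that leaves everything at its default, the audit reports no errors but flags DES and group1, the two defaults for which the table also lists a stronger option.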