Router User Manual

Nortel Secure Router 8000 Series
Troubleshooting - VAS 2 IPSec and IKE troubleshooting
Issue 01.01 (30 March 2009) Nortel Networks Inc. 2-19
[RouterA-ike-peer-routerb] remote-address 202.38.162.1
1. Configure an ACL.
# Configure an ACL, specifying the data flow from 10.1.1.x to 10.1.2.x.
[RouterA] acl number 3101
[RouterA-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
2. Configure an IPSec proposal.
# Specify the name of the IPSec proposal as tran1. In this proposal, set the protocol
encapsulation mode to tunnel mode, the security protocol to ESP, the authentication
algorithm to SHA1, and the encryption algorithm to DES.
[RouterA] ipsec proposal tran1
[RouterA-ipsec-proposal-tran1] encapsulation-mode tunnel
[RouterA-ipsec-proposal-tran1] transform esp
[RouterA-ipsec-proposal-tran1] esp authentication-algorithm sha1
[RouterA-ipsec-proposal-tran1] esp encryption-algorithm des
3. Configure an IPSec policy.
# Specify an IPSec policy named map1. The sequence number is 10 and the negotiation
mode is ISAKMP. In this policy, use the configured ACL and the security proposal and
specify the IKE peer.
[RouterA] ipsec policy map1 10 isakmp
[RouterA-ipsec-policy-isakmp-map1-10] security acl 3101
[RouterA-ipsec-policy-isakmp-map1-10] proposal tran1
[RouterA-ipsec-policy-isakmp-map1-10] ike-peer routerb
4. Apply the IPSec policy group.
# Apply the IPSec policy map1 on the serial interface.
[RouterA] interface Pos 1/0/1
[RouterA-Pos1/0/1] ipsec policy map1
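The following Python check is an added example, not part of the Nortel manual. It parses the RouterA transcript from the steps above and reports policy references (ACL, proposal, IKE peer) that are never defined, a policy that is not applied to any interface, and the use of DES. It assumes the prompt naming shown on this page; the function name audit and the wording of the findings are this example's own.

```python
import re
# RouterA transcript copied from the configuration steps on this page.
CONFIG = """\
[RouterA-ike-peer-routerb] remote-address 202.38.162.1
[RouterA] acl number 3101
[RouterA-acl-adv-3101] rule permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
[RouterA] ipsec proposal tran1
[RouterA-ipsec-proposal-tran1] encapsulation-mode tunnel
[RouterA-ipsec-proposal-tran1] transform esp
[RouterA-ipsec-proposal-tran1] esp authentication-algorithm sha1
[RouterA-ipsec-proposal-tran1] esp encryption-algorithm des
[RouterA] ipsec policy map1 10 isakmp
[RouterA-ipsec-policy-isakmp-map1-10] security acl 3101
[RouterA-ipsec-policy-isakmp-map1-10] proposal tran1
[RouterA-ipsec-policy-isakmp-map1-10] ike-peer routerb
[RouterA] interface Pos 1/0/1
[RouterA-Pos1/0/1] ipsec policy map1
"""
LINE = re.compile(r"^\[([^\]]+)\]\s+(.+)$")
# Sub-view prompt suffix -> kind of object that view configures (assumed from this page).
VIEWS = [(re.compile(r"-ike-peer-(.+)$"), "ike-peer"),
         (re.compile(r"-acl-adv-(\d+)$"), "acl"),
         (re.compile(r"-ipsec-proposal-(.+)$"), "proposal"),
         (re.compile(r"-ipsec-policy-isakmp-(.+)-\d+$"), "policy")]
REFS = {"security acl ": "acl", "proposal ": "proposal", "ike-peer ": "ike-peer"}

def audit(transcript):
    defined, refs, applied, findings = set(), [], set(), []
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        view, cmd = m.groups()
        kind = name = None
        for rx, k in VIEWS:
            hit = rx.search(view)
            if hit:  # entering a sub-view means the object exists
                kind, name = k, hit.group(1)
                defined.add((kind, name))
        if kind == "policy":  # record what the policy points at
            refs += [(name, t, cmd[len(p):].strip()) for p, t in REFS.items() if cmd.startswith(p)]
        elif kind == "proposal" and cmd == "esp encryption-algorithm des":
            findings.append(f"proposal {name}: DES is a weak cipher")
        elif kind is None and cmd.startswith("ipsec policy ") and len(cmd.split()) == 3:
            applied.add(cmd.split()[2])  # three tokens: policy applied in an interface view
    findings += [f"policy {p}: {k} {r} is not defined" for p, k, r in refs if (k, r) not in defined]
    findings += [f"policy {n}: not applied to any interface"
                 for k, n in sorted(defined) if k == "policy" and n not in applied]
    return findings
```

Calling audit(CONFIG) on the transcript above returns only the DES finding, since every reference in map1 resolves and the policy is applied on Pos 1/0/1.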
2.3.3 Troubleshooting flowchart
Figure 2-6 and Figure 2-7 show the troubleshooting flows both in Phase 1 and in Phase 2.