Router User Manual
2 IPSec and IKE troubleshooting
Nortel Secure Router 8000 Series
Troubleshooting - VAS
2-24 Nortel Networks Inc. Issue 01.01 (30 March 2009)
dropped security packet detail:
no enough memory: 0
can't find SA: 2
queue is full: 0
authentication is failed: 0
wrong length: 0
replay packet: 0
too long packet: 0
wrong SA: 0
with secp,process packets failure statistics:
m2cqueue full: 0 m2csend: 0 m2ctimer: 0
c2mid: 0 c2msequence: 0 secpprocess: 0
Yon can view the sent and received IPSec packets. Routers can classify lost packets based on
packet loss causes.
If the fault persists, contact Nortel technical support.
----End
2.4 Troubleshooting SA setup using an IPSec policy
template
This section covers the following topics:
z
Typical networking
z
Configuration notes
z
Troubleshooting flowchart
z
Troubleshooting procedure
2.4.1 Typical networking
Some uncertain factors exist in the network, such as the IP addresses of mobile users. IP
addresses assigned to mobile users differ each time they dial in. In this way, the IP addresses
of IPSec tunnel ends and the protected data flow are not specified and problems occur with
IPSec deployment. In this case, configure an IPSec policy template on the receiver.
Figure 2-8 shows the networking diagram for setting up SAs using an IPSec policy template.
Based on this diagram, you can also remove faults occurring in SA setup.