Router User Manual
Nortel Secure Router 8000 Series
Troubleshooting - VAS 2 IPSec and IKE troubleshooting
Issue 01.01 (30 March 2009) Nortel Networks Inc. 2-25
Figure 2-8 Networking diagram of setting up SA using an IPSec policy template
PC C
GE1/0/1
202.38.163.1
Router A
Ethernet
10.1.1.2
PC A
Internet
10.1.1.X
The networking environment is as follows:
z
Set up an IPSec tunnel between Router A and PC C. The IP address of PC C is uncertain.
z
Set up an SA using an IPSec policy template on Router A.
z
Provide security protection to the data flow between PC A (at 10.1.1.x) and PC C.
z
Specify the security protocol, the encryption algorithm, and the authentication algorithm.
2.4.2 Configuration notes
Item Sub-item Description
Configuring the
ACL
Configure the ACL Not required.
Configure the name of
the IPSec proposal
The name is a string of 1 to 15 characters.
Configure the
encapsulation mode
Transport mode or tunnel mode.
Configure the security
protocols
AH, ESP, or AH-ESP.
Configure the
authentication
algorithm
MD5 or SHA-1.
Configuring the
IPSec proposal
Configure the
encryption algorithm
DES or 3DES.
Configuring the
local ID for IKE
Configure the local ID
for IKE
Configuration required only in aggressive
negotiation mode.
Configuring the
IPSec proposal
Configure the priority
of the IKE proposal
This is an integer from 1 to 100, indicating
the priority of a specified IKE proposal.
The lower the value, the higher the
priority.