Router User Manual

Nortel Secure Router 8000 Series
Troubleshooting - VAS 2 IPSec and IKE troubleshooting
Issue 01.01 (30 March 2009) Nortel Networks Inc. 2-27
| Item | Sub-item | Description |
|---|---|---|
| | Configure the peer name | The name is a string of 1 to 15 characters. If the local authentication mode is name, you need to specify the peer name. |
| | Enable NAT | By default, NAT is disabled. |
| Configuring the IPSec policy template | Configure the name of the IPSec policy template | The name is a string of 1 to 15 characters. Policies with the same name are in a policy group. The name and sequence number define one policy; each policy group has a maximum of 100 policies. Parameters of the IPSec policy template must be the same as those of IPSec ISAKMP. Note that parameters such as proposal and ike-peer are mandatory while other parameters are optional. In IKE negotiation, if the IPSec policy template is used, all configured parameters on the two ends must match. If no parameters are configured for an IPSec policy template, the parameters of the IPSec policy are the same as those of the initiator. |
| | Configure the sequence number of the IPSec policy template | The sequence number of the IPSec policy template ranges from 1 to 10000. The lower the sequence number, the higher the priority. |
| | Configure the negotiation mode | This is null because you can only use ISAKMP mode. |
| | Configure the ACL | This can be unspecified. |
| | Configure the IPSec protocol | The security protocol, algorithm, and encapsulation type must be the same on two ends of the tunnel. |
| | Configure the IKE peer | Configure the IKE peer to the policy. |
| | Configure PFS | For configuration precautions, see the configuration notes for “Troubleshooting ISAKMP SA.” |
| Configuring the IPSec policies and using the IPSec policy template | Configure the name of the IPSec policy | The name is a string of 1 to 15 characters. Policies with the same name are in a policy group. The name and sequence number define one policy; each policy group has a maximum of 100 policies. |
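
The template rules in the table above can be checked offline before a change is applied. The following is an added example, not part of the Nortel manual and not router syntax: it validates a policy-template group against the stated limits and reports which configured parameters disagree with an initiator's offer. The dict layout, the `pfs` key, the sample values, and the assumption that entries are tried in ascending sequence number are all hypothetical.

```python
# Added example, not Nortel code. The dict layout, the "pfs" key and all
# sample values are constructed; a proposal is modelled as a tuple of
# (security protocol, algorithm, encapsulation). Limits come from the table.
NAME_LEN = range(1, 16)      # name: 1 to 15 characters
SEQ = range(1, 10001)        # sequence number: 1 to 10000
GROUP_MAX = 100              # policies per policy group
MANDATORY = ("proposal", "ike-peer")
LOCAL_ONLY = {"ike-peer"}    # assumption: local reference, never compared

# Constructed responder template group and initiator offer.
TEMPLATES = {
    10: {"proposal": ("esp", "3des", "tunnel"), "ike-peer": "branch",
         "pfs": "dh-group2"},
    20: {"proposal": ("esp", "3des", "tunnel"), "ike-peer": "branch"},
}
OFFER = {"proposal": ("esp", "3des", "tunnel"), "pfs": "dh-group1"}


def validate_group(name, entries):
    """Problems in one group; entries maps sequence number -> parameters."""
    problems = []
    if len(name) not in NAME_LEN:
        problems.append(f"name {name!r}: length must be 1 to 15")
    if len(entries) > GROUP_MAX:
        problems.append(f"group {name!r}: more than {GROUP_MAX} policies")
    for seq, params in sorted(entries.items()):
        if seq not in SEQ:
            problems.append(f"seq {seq}: outside 1 to 10000")
        problems += [f"seq {seq}: mandatory {key!r} missing"
                     for key in MANDATORY if key not in params]
    return problems


def mismatches(template, initiator):
    """Configured parameters that differ; unconfigured ones follow the initiator."""
    return {key: (value, initiator.get(key))
            for key, value in template.items()
            if key not in LOCAL_ONLY and initiator.get(key) != value}


def select_entry(entries, initiator):
    """Assumed order: lowest sequence number (highest priority) first."""
    rejected = {}
    for seq in sorted(entries):
        diff = mismatches(entries[seq], initiator)
        if not diff:
            return seq, rejected
        rejected[seq] = diff
    return None, rejected
```

With the constructed sample, entry 10 is rejected because its configured PFS value differs from the offer, and entry 20 matches because it leaves PFS unconfigured.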