Router User Manual

Nortel Secure Router 8000 Series
Troubleshooting - VAS 2 IPSec and IKE troubleshooting
Issue 01.01 (30 March 2009) Nortel Networks Inc. 2-33
2.5.1 Typical networking
Figure 2-10 shows the networking diagram of NAT traversal in the IPSec tunnel.
Figure 2-10 Networking diagram of IPSec NAT
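[Figure 2-10: network diagram, not reproduced. Labels in the figure: Router A, Router B, Firewall C, PC A, PC B, Internet; interfaces Eth0/0/1, Eth1/0/1, Eth2/0/1; addresses 10.1.1.1, 10.1.1.2, 10.1.2.1, 10.1.2.2, 202.38.162.1, 202.38.162.10, 202.38.163.1.]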
The networking environment is as follows:
- A firewall (Firewall C) exists between Router A and Router B.
- Create a security tunnel between Router A and Router B.
- Set up SAs using an IPSec policy template.
- Provide security protection to the data flow between the subnetwork segments 10.1.1.x and 10.1.2.x.
- Specify the security protocol, the encryption algorithm, and the authentication algorithm.
2.5.2 Configuration notes
The internal NAT network uses the normal ISAKMP SA configurations. The following table
lists the notes and constraints.
| Item | Sub-item | Description |
|---|---|---|
| Configuring the ACL | Configure the ACL number | Use the advanced ACL, ranging from 3000 to 3999. For configuring the internal NAT network, see “Troubleshooting ISAKMP SA.” You must configure the ACL. |
| Configuring the ACL | Configure other items | See the configuration notes for “Troubleshooting ISAKMP SA.” |
| Configuring the IPSec proposal | Configure the IPSec proposal name | The name is a string of 1 to 15 characters. |
| Configuring the IPSec proposal | Configure the encapsulation mode | This must be tunnel mode. |