Router User Manual

Nortel Secure Router 8000 Series
Troubleshooting - VAS 2 IPSec and IKE troubleshooting
Issue 01.01 (30 March 2009) Nortel Networks Inc. 2-35

| Item | Sub-item | Description |
|---|---|---|
| Applying the IPSec policy group | | See the configuration notes for “Troubleshooting ISAKMP SA.” |

For configuring the external NAT network, see “Troubleshooting SA setup using an IPSec policy template.” The following table lists the notes and constraints.

| Item | Sub-item | Description |
|---|---|---|
| Configuring the ACL | | Configure the external NAT network using the template. ACL configuration is not required. |
| Configuring the IPSec proposal | Configure the IPSec proposal name | The name is a string of 1 to 15 characters. |
| | Configure the encapsulation mode | This must be tunnel mode. |
| | Configure other items | See the configuration notes for “Troubleshooting ISAKMP SA.” |
| Configuring the local ID for IKE | Configure the local ID for IKE | You must configure the local ID because NAT traversal uses aggressive IKE negotiation and the local name is configured as the local authentication type. |
| Configuring the IPSec proposal | | See the configuration notes for “Troubleshooting ISAKMP SA.” |
| Configuring the IKE peer | Configure the IKE peer name | The name is a string of 1 to 15 characters. |
| | Configure the IKE negotiation mode | Use aggressive negotiation mode. |
| | Configure the sequence number of IKE proposals | Use the default IKE proposal in aggressive mode. |
| | Configure the local ID type | Specify the local name as the local ID. |
| | Configure the authenticator | Currently, only the pre-shared key authentication type is applicable. You must configure shared keys on the peer. The shared keys of two ends in the same SA must be the same. |