Router User Manual
2 IPSec and IKE troubleshooting
Nortel Secure Router 8000 Series
Troubleshooting - VAS
2-40 Nortel Networks Inc. Issue 01.01 (30 March 2009)
2.5.3 Troubleshooting flowchart
Figure 2-11 Troubleshooting flowchart of NAT traversal in IPSec
Yes
No
IPSec tunnel
fails
Can tunnel ends
with no IPSec policy ping
through each other ?
Is IKE
negotiation in Phase 1 in
aggressive mode?
Is name
configured as the peer ID
authentication type
?
Is NAT enabled on IKE peers?
Is ESP adopted
in IPSec proposals?
Is the
tunnel mode adopted in IPSec
proposals?
The fault disappears?
Modify the
adopted
encapsulation type
Modify the
adopted protocol
type
Enable NAT
Modify the ID
authentication
type
Modify the
negotiation mode
in Phase 1
Check the route
and the physical
link between them
The fault
disappears?
The fault
disappears?
The fault
disappears?
The fault
disappears?
The fault
disappears?
The fault
disappears?
End
End
End
End
End
End
End
Seek
technical
support
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
No
No
No
No
No
No
No
No
No
No
No
No