Router User Manual
Nortel Secure Router 8000 Series
Troubleshooting - VAS 2 IPSec and IKE troubleshooting
Issue 01.01 (30 March 2009) Nortel Networks Inc. 2-43
Figure 2-12 Networking diagram of configuring IPSec
Pos1/0/1
202.38.163.1
Pos2/0/1
202.38.162.1
Router
B
10.1.2.1
PC
B
10.1.2.2
10.1.1.2
10.1.1.1
PC
A
Router
A
IPSe
c
GREIPSec
Internet
The networking environment is as follows:
z
Create a GRE tunnel between Router A and Router B.
z
Create an IPSec tunnel between Router A and Router B to protect packets forwarded
through the GRE tunnel.
z
Specify the data flow between subnetwork segments 10.1.1.x and 10.1.2.x to pass the
GRE tunnel.
z
Set up IPSec SAs in ISAKMP mode.
2.6.2 Configuration notes
Item Sub-item Description
Configure the tunnel type Configure a GRE tunnel.
Configure the source IP
address of the tunnel
For configuration notes, see the section
about GRE troubleshooting in Nortel
Secure Router 8000 Series
Troubleshooting - VPN (NN46240-710).
Configuring the
GRE tunnel
Configure the destination
IP address of the tunnel
For configuration notes, see the section
about GRE troubleshooting in Nortel
Secure Router 8000 Series
Troubleshooting - VPN (NN46240-710).
Configure the ACL number Use the advanced ACL, ranging from
3000 to 3999.
Configure the protocol ID
specified in the ACL
The protocol ID of GRE.
Configure the source and
destination addresses
specified in ACL rules
The source and destination IP addresses of
the GRE tunnel.
Configuring the
ACL
Configure other items in
ACL rules
Not required.