Router User Manual
2 IPSec and IKE troubleshooting
Nortel Secure Router 8000 Series
Troubleshooting - VAS
2-44 Nortel Networks Inc. Issue 01.01 (30 March 2009)
| Item | Sub-item | Description |
|---|---|---|
| | Configure the number of ACL rules | Configure only one ACL rule. |
| Configuring the IPSec proposal | Configure the name of the IPSec proposal | The name is a string of 1 to 15 characters. |
| | Configure the encapsulation mode | Transport mode or tunnel mode. To save bandwidth, transport mode is preferred. |
| | Configure other items | See “Troubleshooting ISAKMP SA.” |
| Configuring the local ID for IKE | — | See “Troubleshooting ISAKMP SA.” |
| Configuring the IKE proposals | — | See “Troubleshooting ISAKMP SA.” |
| Configuring the IKE peer | — | See “Troubleshooting ISAKMP SA.” |
| Configuring the IPSec policy | — | See “Troubleshooting ISAKMP SA.” |
| Applying the IPSec policy | Configure the type and number of interfaces | Enable IPSec on the physical interfaces on a GRE tunnel. The source and the destination IP addresses of the tunnel must not be loopback addresses. IPSec over GRE supports applying a policy group to GRE virtual interfaces. |
| | Configure the IPSec policy group name | Apply only one IPSec policy group on one interface. For configuration notes, see “Troubleshooting ISAKMP SA.” |
The configuration notes for GRE over IPSec use Router A as the example. The configurations of Router A and Router B mirror each other.
The following sections cover only some of the commands used to configure IPSec. For more information, see
Nortel Secure Router 8000 Series Configuration Guide - Security (NN46240-600).
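The checks in the table above can be run against both routers before bringing the tunnel up. The following is an added example, not code from the Nortel manual: the dictionary layout, the names check_router and check_mirror, the interface name and all sample values are assumptions made for illustration.

```python
import ipaddress

def check_router(cfg):
    """Return findings for one router; cfg is a hypothetical dict layout."""
    out = []
    if len(cfg["acl_rules"]) != 1:
        out.append("ACL: expected exactly 1 rule, found %d" % len(cfg["acl_rules"]))
    if not 1 <= len(cfg["proposal_name"]) <= 15:
        out.append("IPSec proposal name must be 1 to 15 characters")
    if cfg["encapsulation"] not in ("transport", "tunnel"):
        out.append("encapsulation mode must be transport or tunnel")
    # Assumption: "loopback" covers 127.0.0.0/8 and the router's own
    # loopback-interface addresses, which the caller lists in cfg.
    own_loopbacks = {ipaddress.ip_address(a) for a in cfg["loopback_addrs"]}
    for end in ("tunnel_source", "tunnel_destination"):
        addr = ipaddress.ip_address(cfg[end])
        if addr.is_loopback or addr in own_loopbacks:
            out.append("%s %s is a loopback address" % (end, addr))
    for ifname, groups in cfg["policy_groups"].items():
        if len(groups) > 1:
            out.append("%s: only one IPSec policy group per interface" % ifname)
    return out

def check_mirror(a, b):
    """Check that the tunnel ends of two peers mirror each other."""
    out = []
    ip = ipaddress.ip_address
    if ip(a["tunnel_source"]) != ip(b["tunnel_destination"]):
        out.append("A source does not match B destination")
    if ip(a["tunnel_destination"]) != ip(b["tunnel_source"]):
        out.append("A destination does not match B source")
    return out

# Constructed sample data (addresses from documentation ranges).
ROUTER_A = {"acl_rules": ["rule-1"], "proposal_name": "prop1",
            "encapsulation": "transport", "loopback_addrs": ["198.51.100.1"],
            "tunnel_source": "192.0.2.1", "tunnel_destination": "192.0.2.2",
            "policy_groups": {"uplink": ["policy1"]}}
# Router B carries four deliberate faults plus a non-mirrored destination.
ROUTER_B = dict(ROUTER_A, acl_rules=["rule-1", "rule-2"],
                proposal_name="x" * 16, loopback_addrs=["192.0.2.2"],
                tunnel_source="192.0.2.2", tunnel_destination="192.0.2.9",
                policy_groups={"uplink": ["policy1", "policy2"]})

if __name__ == "__main__":
    for name, cfg in (("A", ROUTER_A), ("B", ROUTER_B)):
        print(name, check_router(cfg) or "ok")
    print(check_mirror(ROUTER_A, ROUTER_B) or "mirrored")
```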
Configuring a GRE tunnel
# Encapsulate the tunnel with GRE. Configure the IP addresses for the source and destination
tunnel ends. Note that the two addresses cannot be loopback addresses.
<RouterA> system-view
[RouterA] interface tunnel 1/0/1
[RouterA-Tunnel1/0/1] tunnel-protocol gre
[RouterA-Tunnel1/0/1] source 202.38.163.1










