Router User Manual
Nortel Secure Router 8000 Series
Troubleshooting - VAS 2 IPSec and IKE troubleshooting
Issue 01.01 (30 March 2009) Nortel Networks Inc. 2-51
Command Description
display ipsec sa policy
Displays the SA associated with the IPSec policy.
display ipsec sa brief
Displays brief information about the IPSec SA.
display ike proposal
Displays the IKE protocol.
display ike peer name
Displays the IKE peer.
display ike sa
Displays the IKE SA.
display ipsec statistics
Displays IPSec statistics.
display ipsec proposal name
<RouterA> display ipsec proposal name tran1
IPsec proposal name: tran1
encapsulation mode: tunnel
transform: ah-esp-new
AH protocol: authentication sha1-hmac-96
ESP protocol: authentication sha1-hmac-96, encryption 3des
encapsulation mode: tunnel
The display indicates two IPSec packet encapsulation types: transport mode and tunnel mode.
You can use the encapsulation-mode { transport | tunnel } command to modify the
configuration.
transform: ah-esp-new
The display indicates the security protocols in the IPSec proposal: AH, ESP, and AH-ESP.
You can use the transform { ah | esp | ah-esp } command to modify the configuration.
AH protocol: authentication sha1-hmac-96
The display indicates the authentication algorithms in the AH protocol: SHA-1 (sha1-hmac-96)
and MD5 (md5-hmac-96).
You can use the ah authentication-algorithm { md5 | sha1 } command to modify the
configuration.
ESP protocol: authentication sha1-hmac-96, encryption 3des
The display indicates the authentication algorithms and encryption algorithms in ESP. The
authentication algorithms are SHA-1 and MD5 and the encryption algorithms are DES and
3DES.
You can use the esp authentication-algorithm { md5 | sha1 } command and the esp
encryption-algorithm { 3des | des } command to modify the configuration.
display ipsec policy name
z
IPSec policies manually configured:
<RouterA> display ipsec policy name map1
===========================================
IPsec Policy Group: "map1"