Router User Manual
2 IPSec and IKE troubleshooting
Nortel Secure Router 8000 Series
Troubleshooting - VAS
2-52 Nortel Networks Inc. Issue 01.01 (30 March 2009)
Using local-address: {}
Using interface: {Ethernet0/2/0}
===========================================
-----------------------------
IPsec policy name: "map1"
sequence number: 10
mode: manual
-----------------------------
security data flow : 3101
tunnel local address: 202.38.163.1
tunnel remote address: 202.38.162.1
proposal name:tran1
inbound AH setting:
AH spi:
AH string-key:
AH authentication hex key:
inbound ESP setting:
ESP spi: 54321 (0xd431)
ESP string-key: gfedcba
ESP encryption hex key:
ESP authentication hex key:
outbound AH setting:
AH spi:
AH string-key:
AH authentication hex key:
outbound ESP setting:
ESP spi: 12345 (0x3039)
ESP string-key: abcdefg
ESP encryption hex key:
ESP authentication hex key:
Using interface: {Ethernet0/2/0}
The display indicates the interface that uses the IPSec policy group.
You can use the ipsec policy command to change the interface that uses IPSec policies.
mode: manual
The display indicates two IPSec policy modes: manual mode and ISAKMP mode.
You can use the ipsec policy policy-name seq-number { manual | isakmp } command to
configure IPSec policies.
security data flow : 3101
The display indicates the ACL used in the IPSec policy.
You can use the security acl command to modify the configuration.
tunnel local address: 202.38.163.1
The display indicates the local address of IPSec tunnel. This address is the address of the
interface that uses the IPSec policy group.
tunnel remote address: 202.38.162.1
The display indicates the IP address of the remote end on the IPSec tunnel. You need to
configure this address only for the manually set up IPSec SA.
You can use the tunnel remote command to modify the configuration.