Router User Manual

2 IPSec and IKE troubleshooting
Nortel Secure Router 8000 Series
Troubleshooting - VAS
2-6 Nortel Networks Inc. Issue 01.01 (30 March 2009)
• Main mode: Isolates the shared key exchange from the authentication information to ensure the user’s identity.
• Aggressive mode: Allows transmitting payloads related to the SA, shared key, and authentication.
2.2 Troubleshooting manual IPSec SA setup
This section covers the following topics:
• Typical networking
• Configuration notes
• Troubleshooting flowchart
• Troubleshooting procedure
2.2.1 Typical networking
Based on Figure 2-3, you can set up an IPSec SA manually.
Figure 2-3 Networking diagram of the manual IPSec SA setup
[Figure: Router A and Router B connected across the Internet. Labels in the diagram: Pos1/0/1 202.38.163.1, Pos2/0/1 202.38.162.1, 10.1.1.1, 10.1.1.2, 10.1.2.1, 10.1.2.2.]
The networking environment is as follows:
• Set up the IPSec SA manually.
• Create a security tunnel between Router A and Router B.
• Provide security protection to the data flow between the two network segments 10.1.1.x and 10.1.2.x.
• Specify the security protocol, the encryption algorithm, and the authentication algorithm.
2.2.2 Configuration notes
| Item | Sub-item | Description |
|---|---|---|
| Configuring the ACL | Configure the ACL number | Use the advanced Access Control List (ACL), ranging from 3000 to 3999. |
| | Configure the source and destination address specified in ACL rules | Specify the source and destination IP address of the data flow to protect. Nortel recommends that you avoid using the keyword any. |
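
The two ACL notes above can be checked mechanically before the SA is brought up. The following Python code is an added example, not part of the Nortel manual: the `acl number` / `rule ... source ... destination` syntax and the sample configuration are assumptions constructed for illustration, and the protected flow is the 10.1.1.x to 10.1.2.x pair from section 2.2.1.

```python
import ipaddress
import re

# Constructed sample config; the "acl number" / "rule" syntax is an assumption.
SAMPLE_CONFIG = """\
acl number 3101
 rule 5 permit ip source 10.1.1.0 0.0.0.255 destination 10.1.2.0 0.0.0.255
acl number 2001
 rule 5 permit ip source any destination 10.1.2.0 0.0.0.255
"""
ACL_RE = re.compile(r"^acl number (\d+)\s*$")
RULE_RE = re.compile(r"^\s*rule (\d+) permit ip source (.+?) destination (.+?)\s*$")


def endpoint(text):
    """Parse 'ADDR WILDCARD' into a network; return None for the keyword any."""
    if text == "any":
        return None
    addr, wildcard = text.split()
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # wildcard bits must form one contiguous low-order run
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    base = int(ipaddress.IPv4Address(addr)) & ~w & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, 32 - w.bit_length()))


def audit(config, flow):
    """Check ACLs against the two notes; flow is the (src, dst) pair to protect."""
    findings, covered, acl = [], False, None
    for line in config.splitlines():
        if m := ACL_RE.match(line):
            acl = int(m.group(1))
            if not 3000 <= acl <= 3999:
                findings.append((acl, "number outside advanced ACL range 3000-3999"))
        elif (m := RULE_RE.match(line)) and acl is not None:
            src, dst = endpoint(m.group(2)), endpoint(m.group(3))
            if src is None or dst is None:
                findings.append((acl, f"rule {m.group(1)} uses the keyword any"))
            elif 3000 <= acl <= 3999 and (src, dst) == flow:
                covered = True
    if not covered:
        findings.append((None, "no advanced ACL rule matches the protected flow"))
    return findings


FLOW = (ipaddress.IPv4Network("10.1.1.0/24"), ipaddress.IPv4Network("10.1.2.0/24"))

if __name__ == "__main__":
    for acl, finding in audit(SAMPLE_CONFIG, FLOW):
        print(acl, finding)
```

Running the audit with the flow reversed (destination first) models the check for the peer router, whose rule must name the same two segments in the opposite direction.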