2 configuration notes, 2 configuration notes -15, Configuration notes – Panasonic 8000 User Manual

Nortel Secure Router 8000 Series
Troubleshooting - VAS__________

2 IPSec and IKE troubleshooting

Figure 2-5 Networking diagram of setting up ISAKMP IPSec

Router B

Pos2/0/1

202.38.162.1L2^

10.1.1.

1

10.1.1

2

Router

^

^

F

Pos1/0/^

f

Pos2/0/1

^^■^5^202.38.163.^/

■ 202.38.162.1

---------—-------/ Internet Æ---------------------------- 1

10.1.2.

1

10.1.2.

2

The networking environment is as follows:

•

Set up IPSec SA in IKE negotiation mode.

•

Create a security tunnel between Router A and Router B.

•

Provide security protection to the data flow between the two network segments 10.1.1.x
and 10.1.2.x.

•

Specify the security protocol, the encryption algorithm, and the authentication algorithm.

2.3.2 Configuration notes

Item

Sub-item

Description

Configuring the

ACL

Configure the ACL

number

Use the advanced ACL, ranging from 3000
to 3999.

Configure the source
and destination
addresses specified in

ACL rules

Specify the source and destination IP

address of the data flow to protect. Nortel
recommends that you avoid using the
keyword any.

Configure the source
and destination ports
specified in ACL rules

Optional.

Configure the other

items in ACL rules

Not required.

Configure the number
of ACL rules

Configure only one ACL rule.

Configuring the
IPSec proposal

Configuring the
local ID for IKE

Configuring IKE

proposals

Configure the name of
an IPSec proposal

The name of an IPSec proposal has 1 to 15
characters.

Configure the
encapsulation mode

Transport mode or tunnel mode.

Configure the security

protocol

AH, ESP, or AH-ESP.

Configure the
authentication algorithm

MD5 or SHA-1.

Issue 01.01 (30 March 2009)

Nortel Networks Inc.

2-15