Panasonic 8000 User Manual
Page 82
Attention! The text in this document has been recognized automatically. To view the original document, you can use the "Original mode".
Nortel Secure Router 8000 Series
Troubleshooting - VAS__________
2 IPSec and IKE troubleshooting
Item
Sub-item
Description
Applying the
IPSec policy
group
—
See the configuration notes for “Troubleshooting
For configuring the external NAT network, see “Troubleshooting SA setup using an IPSec
policy template.” The following table lists the notes and constraints.
Item
Sub-item
Description
Configuring the
ACL
—
Configure the external NAT network using the
template. ACL configuration is not required.
Configuring the
IPSec proposal
Configure the
IPSec proposal
name
The name is a string of 1 to 15 characters.
Configure the
encapsulation
mode
This must be tunnel mode.
Configure other
items
See the configuration notes for “Troubleshooting
Configuring the
local ID for IKE
Configure the
local ID for IKE
You must configure the local ID because NAT
traversal uses aggressive IKE negotiation and the
local name is configured as the local
authentication type.
Configuring the
IPSec proposal
—
See the configuration notes for “Troubleshooting
Configuring the
IKE peer
Configure the
IKE peer name
The name is a string of 1 to 15 characters.
Configure the
IKE negotiation
mode
Use aggressive negotiation mode.
Configure the
sequence number
of IKE proposals
Use the default IKE proposal in aggressive mode.
Configure the
local ID type
Specify the local name as the local ID.
Configure the
authenticator
Currently, only the pre-shared key authentication
type is applicable.
You must configure shared keys on the peer. The
shared keys of two ends in the same SA must be
the same.
Issue 01.01 (30 March 2009)
Nortel Networks Inc.
2-35