Panasonic 8000 User Manual

2 IPSec and IKE troubleshooting

Nortel Secure Router 8000 Series

Troubleshooting - VAS

| Item | Sub-item | Description |
| --- | --- | --- |
| | Configure the authentication mode | Specify pre-shared key for the IKE proposal authentication mode. You need to configure the authenticator for pre-shared key. By default, the authentication mode is pre-shared key. |
| | Configure the authentication algorithm | MD5 or SHA-1. By default, the authentication algorithm is SHA-1. |
| | Configure the encryption algorithm | DES or 3DES. By default, the encryption algorithm is DES. |
| | Configure the Diffie-Hellman group flag | The Diffie-Hellman group flag can be group1 (768 bits) or group2 (1024 bits). By default, use group1 (768 bits) as the Diffie-Hellman group. |
| | Configure the ISAKMP SA duration | Specify an ISAKMP SA duration. For configuration notes, see the notes for “Troubleshooting ISAKMP SA.” |
| Configuring the IKE peer | Configure the name of the IKE peer | The name is a string of 1 to 15 characters. |
| | Configure the IKE negotiation mode | Main mode or aggressive mode. By default, main mode is used. |
| | Configure the IKE proposal number | In main mode, use the configured IKE proposals. In aggressive mode, use the default IKE proposals. |
| | Configure the local ID type | Specify an IKE ID. This can be the IP address or the name of the IKE peer. In main mode, the IP address is configured as the local ID. By default, the IP address is used. |
| | Configure the authenticator | Currently, only the pre-shared key authentication type is applicable. You must configure shared keys on all peers. The shared key of two ends in the same SA must be the same. |
| | Configure the IP addresses or address segments of peers | Configure the IP addresses or address segments for an IKE peer. Nortel recommends that you configure an IP address range for the remote end rather than specify the IP address. |
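
The following is an added example, not taken from the Nortel manual: a pre-check that applies the defaults from the table to two peer definitions, reports fields that would fail to match during IKE negotiation, and flags the table's weak options (DES, MD5, group1). The field names are hypothetical and are not Nortel CLI keywords; it assumes one proposal per end and that aggressive mode falls back to the default proposal values as the table states.

```python
# Added example. Field names are hypothetical, not Nortel CLI keywords.
# Defaults are the ones stated in the table above.
PROPOSAL_DEFAULTS = {"auth_mode": "pre-shared-key", "auth_alg": "sha1",
                     "enc_alg": "des", "dh_group": "group1"}
PEER_DEFAULTS = {"mode": "main", "local_id_type": "ip"}
# Table options that are weak by current standards (56-bit DES, MD5, 768-bit DH).
WEAK = {"enc_alg": {"des"}, "auth_alg": {"md5"}, "dh_group": {"group1"}}
MUST_MATCH = ("auth_mode", "auth_alg", "enc_alg", "dh_group", "mode", "psk")


def effective(cfg):
    """Return the settings a peer actually negotiates with."""
    eff = {**PROPOSAL_DEFAULTS, **PEER_DEFAULTS, **cfg}
    if eff["mode"] == "aggressive":
        # Assumption from the table: aggressive mode uses the default
        # IKE proposal, so configured proposal values are ignored.
        eff.update(PROPOSAL_DEFAULTS)
    return eff


def check_peer(cfg):
    """List local problems with one peer definition."""
    eff, findings = effective(cfg), []
    if not 1 <= len(cfg.get("peer_name", "")) <= 15:
        findings.append("peer_name: must be 1 to 15 characters")
    if eff["mode"] == "main" and eff["local_id_type"] != "ip":
        findings.append("local_id_type: main mode uses the IP address")
    if not cfg.get("psk"):
        findings.append("psk: no pre-shared key configured")
    for field, bad in WEAK.items():
        if eff[field] in bad:
            findings.append(f"{field}: {eff[field]} is weak")
    return findings


def mismatches(local, remote):
    """Names of fields that differ between the two ends (values not shown)."""
    a, b = effective(local), effective(remote)
    return [f for f in MUST_MATCH if a.get(f) != b.get(f)]


# Constructed sample input, not taken from a real device.
SITE_A = {"peer_name": "branch1", "psk": "example-key-A", "enc_alg": "3des",
          "dh_group": "group2"}
SITE_B = {"peer_name": "hq", "psk": "example-key-A", "enc_alg": "3des",
          "dh_group": "group2", "mode": "aggressive"}

if __name__ == "__main__":
    print(check_peer(SITE_A), check_peer(SITE_B), mismatches(SITE_A, SITE_B))
```

In the constructed sample, SITE_B configures 3DES and group2 but selects aggressive mode, so it is evaluated with DES and group1 and no longer matches SITE_A.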

Nortel Networks Inc.

Issue 01.01 (30 March 2009)