Configuring an ike proposal, Configuring an ike peer – Panasonic 8000 User Manual

2 IPSec and IKE troubleshooting

Nortel Secure Router 8000 Series

_________ Troubleshooting - VAS

Item

Sub-item

Description

Configure the
sequence number of

the IPSec policy

The sequence number ranges from 1 to

10000. The lower the value, the higher the

priority.

Configure the

negotiation mode

Set up SAs in ISAKMP mode.

Use the IPSec policy
template

Use the previously configured IPSec
policy template. The SA set up by a
referential policy template can be the
responder, but not the negotiation initiator.

Applying the IPSec
policy group

Configure the
interface type and ID

Enable the IPSec policy group on the
specified group.

For configuration notes, see the notes for
“Troubleshooting manual IPSec SA
setup .”

Configure the name of

the IPSec policy
group

Apply one IPSec policy group on one
interface.

For configuration notes, see the notes for
“Troubleshooting manual IPSec SA
setup .”

The peer PC C with an uncertain IP address must have IPSec capability and must have related
software installed. If the peer is a router, ISAKMP SA should be configured. For details, see
the configuration notes for “Troubleshooting ISAKMP SA.”

CQ NOTE

The following sections cover part of the commands for setting up SA using the IPSec policy template.
For more information, see Nortel Secure Router 8000 Series Configuration Guide - Security
(NN46240-600).

Configuring an IKE proposal

Use the default IKE proposal.

Configuring an IKE peer

# Configure the name of the IKE peer to routerb, the negotiation mode to main mode, and the
shared key to nortel. Note that shared keys on two ends must be consistent.

system-view

[RouterA] ike peer routerb

[RouterA-ike-peer-routerb] exchange-mode main

[RouterA-ike-peer-routerb] pre-shared-key nortel

The peer can be without ACL rules. The data to protect is specified in ACL rules on the
negotiation initiator.

2-28

Nortel Networks Inc.

Issue 01.01 (30 March 2009)