Nortel Secure Router 8000 Series
Troubleshooting - VAS
2 IPSec and IKE troubleshooting
2.5.1 Typical networking
Figure 2-10 shows the networking diagram of NAT traversal in the IPSec tunnel.
Figure 2-10 Networking diagram of IPSec NAT
[Figure 2-10: network diagram showing Router A, Router B, Firewall C, PC A and PC B connected across the Internet]
The networking environment is as follows:
• A firewall (Firewall C) exists between Router A and Router B.
• Create a security tunnel between Router A and Router B.
• Set up SAs using an IPSec policy template.
• Provide security protection to the data flow between the subnetwork segments 10.1.1.x and 10.1.2.x.
• Specify the security protocol, the encryption algorithm, and the authentication algorithm.
2.5.2 Configuration notes
The internal NAT network uses the normal ISAKMP SA configurations. The following table
lists the notes and constraints.
| Item | Sub-item | Description |
|---|---|---|
| Configuring the ACL | Configure the ACL number | Use the advanced ACL, ranging from 3000 to 3999. For configuring the internal NAT network, see “Troubleshooting ISAKMP SA.” You must configure the ACL. |
| | Configure other items | See the configuration notes for “Troubleshooting |
| Configuring the IPSec proposal | Configure the IPSec proposal name | The name is a string of 1 to 15 characters. |
| | Configure the encapsulation mode | This must be tunnel mode. |
Issue 01.01 (30 March 2009)
Nortel Networks Inc.