Panasonic 8000 User Manual
Page 81
Attention! The text in this document has been recognized automatically. To view the original document, you can use the "Original mode".
2 IPSec and IKE troubleshooting
Nortel Secure Router 8000 Series
_________ Troubleshooting - VAS
Item
Configuring the
local ID for IKE
Configuring the
IPSec proposal
Configuring the
IKE peer
Configuring the
IPSec policy
Sub-item
Configure other
items
Configure the
local ID for IKE
Configure the
IKE peer name
Configure the
IKE negotiation
mode
Configure the
sequence number
of IKE proposals
Configure the
local ID type
Configure the
authenticator
Configure the IP
address or address
segments of the
peer
Configure the
peer name
Enable NAT
Description
See the configuration notes for “Troubleshooting
You must configure a local ID for IKE because
NAT traversal uses aggressive IKE negotiation
and the local name is configured as the local
authentication type.
See the configuration notes for “Troubleshooting
The name is a string of 1 to 15 characters.
Use aggressive negotiation mode.
Use the default IKE proposal in aggressive mode.
Specify the local name as the local ID.
Currently, only the pre-shared key authentication
type is applicable.
You must configure shared keys on the peer. The
shared keys of two ends in the same SA must be
the same.
Configure the IP addresses or address segments
for the IKE peer. If high-ip-address is not
specified, configure only one IP address for the
IKE peer.
Here, the IP address of the peer must be a unique
address because the IPSec policy template does
not use the IKE peer.
To configure IP addresses or address segments for
peers, run the remote-address [ vpn-instance
vpn-instance-nawe
]
lo^-ip-address
[
high-ip-address
] command in the IKE proposal
view.
The name is a string of 1 to 15 characters.
If the local authentication mode is “name,” you
must specify the peer name.
Enable NAT.
See the configuration notes for “Troubleshooting
2-34
Nortel Networks Inc.
Issue 01.01 (30 March 2009)