
Configuring IPsec Services
C-20
308630-14.00 Rev 00
Contivity Features Not Supported by BayRS
BayRS does not support the following Contivity features:
• Certificates/Public Key Infrastructure (PKI)
• Delete Payload for IKE SA sent when terminating IKE SAs
• IPsec Transport Mode
• AH IPsec protocol
• Ethernet interface configured as an IPsec gateway
• Vendor ID disable/enable (vendor ID is always enabled and not configurable
on BayRS)
• RIP inside an IPsec tunnel (proprietary)
BayRS IPsec and NAT
Using IPsec and NAT together is not supported on a BayRS platform. Either NAT
or IPsec can process a packet, but not both. If a packet matches the NAT source
address range, NAT takes precedence over IPsec, and IPsec will not see the
packet.
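The precedence rule above can be checked against a planned configuration. The following is an added example, not code from the BayRS documentation: it flags outbound IPsec policy source selectors that overlap a NAT source address range, meaning IPsec will not see some or all of the matching packets. The function name, the CIDR notation for ranges, and the sample policy names and addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data (not taken from any real router configuration).
NAT_SOURCE_RANGES = ["10.1.0.0/16"]
IPSEC_POLICIES = [                      # (policy name, source selector)
    ("branch-to-hq", "10.1.20.0/24"),   # entirely inside the NAT range
    ("lab-to-hq", "10.0.0.0/8"),        # contains the NAT range
    ("dmz-to-hq", "192.168.5.0/24"),    # unrelated to the NAT range
]


def nat_shadowed_selectors(nat_source_ranges, ipsec_policies):
    """Return one finding per (policy, NAT range) pair whose sources overlap.

    Each finding is (policy name, selector, NAT range, kind), where kind is:
      "full"    - every source address in the selector matches the NAT range,
                  so IPsec will not see any packet for this policy;
      "partial" - only some source addresses match the NAT range.
    """
    nat_nets = [ipaddress.ip_network(r) for r in nat_source_ranges]
    findings = []
    for name, source in ipsec_policies:
        selector = ipaddress.ip_network(source)
        for nat in nat_nets:
            if not selector.overlaps(nat):
                continue  # NAT never matches these sources; IPsec applies
            kind = "full" if selector.subnet_of(nat) else "partial"
            findings.append((name, str(selector), str(nat), kind))
    return findings


if __name__ == "__main__":
    for name, selector, nat, kind in nat_shadowed_selectors(
            NAT_SOURCE_RANGES, IPSEC_POLICIES):
        print(f"{name}: selector {selector} overlaps NAT range {nat} ({kind})")
```

Any finding means the NAT source range or the IPsec selector needs to be narrowed so that the two no longer match the same source addresses.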
Troubleshooting Tips
Use the following troubleshooting tools to debug interoperability problems
between BayRS IPsec and Contivity.
BayRS Tools
BayRS provides the following troubleshooting tools that may help with
interoperability issues:
• Event Log: Look for IPsec, IKE, IPsec_Audit, and KEYMGR events.
• SHOW scripts: Use show scripts to display IPsec and IKE configured and
active policy and SA information and statistics. For example,
show ipsec selector out displays how many packets matched each policy.
• Technician Interface: Enable IPsec debugging using the TI command ipsec.
Enter help ipsec for command usage.