HP 7102dl - ProCurve Secure Router Configuration Manual page 575
Procurve secure router 7000dl series - advanced management and configuration guide
Hide thumbs
Also See for 7102dl - ProCurve Secure Router:
- Reference manual (1455 pages) ,
- Product end-of-life disassembly instructions (2 pages) ,
- Advanced management and configuration manual (1005 pages)
Table of Contents
Advertisement
Scroll through the debug messages until you see the message for the relevant
IKE phase: "IANA: for proposal ISAKMP" (phase 1). (See Figure 10-15.)
An Isakmp proposal is the proposal for the IKE SA. In the debug messages,
look underneath the proposal message for the TRANSFORM ATTRIBUTES.
These are the security proposals. Each proposal includes six attributes,
marked "SA Attrib." The actual setting for the attribute is shown below as the
"Value."
2005.08.13 14:20:49 1: Sent out first message of main mode
2005.08.13 14:20:49 <POLICY: 1> PAYLOADS: SA,PROP,TRANS,VID,VID,VID
"Sent" indicates that these
are the local router's
2005.08.13 14:20:49
policies.
2005.08.13 14:20:49
2005.08.13 14:20:49
2005.08.13 14:20:49
2005.08.13 14:20:49
2005.08.13 14:20:49
2005.08.13 14:20:49
2005.08.13 14:20:49
2005.08.13 14:20:49
2005.08.13 14:20:49
2005.08.13 14:20:49
2005.08.13 14:20:49
2005.08.13 14:20:49
2005.08.13 14:20:49
2005.08.13 14:20:49
2005.08.13 14:20:49
2005.08.13 14:20:49
2005.08.13 14:20:49
2005.08.13 14:20:49
2005.08.13 14:20:49
2005.08.13
2005.08.13 14:20:49
2005.08.13 14:20:49
2005.08.13 14:20:49
Figure 10-15. IKE Debug Messages: IKE Phase 1 Security Parameters
You can compare the peer's settings to yours in two ways:
Table 10-28 shows where in the local router's running-config you can find the
settings that should match the policies you see proposed by the peer.
SA PAYLOAD
Value: Seconds (1)
Initiate a connection with the peer and view the debug messages with the
local proposals
View the IKE attribute policy used with the peer by entering:
ProCurve# show crypto ike policy
Troubleshooting a VPN That Uses IPSec
DOI: 1
Situation: 1
PROPOSAL PAYLOAD
Proposal No.: 1
IANA No. for protocol: ISAKMP (1)
Size of the variable SPI field: 0
Number of transforms offered: 1
TRANSFORM PAYLOAD
Transform Number: 1
IANA Transform ID: IKE Key (1)
TRANSFORM ATTRIBUTES
SA Attrib: Group Description (4)
Length: 2
Value: DH Group 1 (1)
SA Attrib: Authentication Method (3)
Length: 2
Value: Pre-shared Key (1)
SA Attrib: Encryption Algorithm (1)
Length: 2
SA Attrib: Life Time (12)
Length: 4
Value:
(28800)
Virtual Private Networks
10-81
- Quick Links:
- Procurve Secure Router
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
