Chapter 5

Troubleshooting SpeedTouch™ IPSec

5.5 Pinging from the SpeedTouch™ to the remote private network

Ping command

To verify that an IPSec tunnel is active, you can use the :ip debug ping CLI command of the SpeedTouch™. This command sends ping messages from the SpeedTouch™ to an IP address in the remote private network.

Adapting the routing table

Messages originating from the SpeedTouch™ itself generally do not comply with the traffic policy of the VPN tunnel. Transmitting them through an IPSec tunnel therefore requires some adaptations to the SpeedTouch™ routing table, which can only be performed via the Command Line Interface (CLI).

Proceed as follows:

1. Add a route to the remote private network. Explicitly specify the local LAN interface as the source interface in the route definition.

Example:

:ip rtadd dst 20.0.0.0/24 intf=ipsec0 srcintf=lan1

2. Set the local private IP address of the SpeedTouch™ as the primary IP address.

Example:

:ip ipconfig addr=10.0.0.254 primary=enabled
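
The following is an added example, not part of the original manual: a small Python model of the traffic-policy check that shows why a ping generated by the SpeedTouch™ falls outside the tunnel policy until the private address is made primary. It assumes that device-originated packets use the primary IP address as their source and that the local private network is 10.0.0.0/24; the WAN address and all names (TunnelPolicy, ping_from_device) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class TunnelPolicy:
    """Traffic selectors of one IPSec tunnel (hypothetical model)."""
    local_net: ipaddress.IPv4Network
    remote_net: ipaddress.IPv4Network

    def matches(self, src: str, dst: str) -> bool:
        # Both ends must fall inside the selectors for the tunnel to carry the packet.
        return (ipaddress.ip_address(src) in self.local_net
                and ipaddress.ip_address(dst) in self.remote_net)


# Remote network taken from the route example above; the /24 on the local side is assumed.
POLICY = TunnelPolicy(ipaddress.ip_network("10.0.0.0/24"),
                      ipaddress.ip_network("20.0.0.0/24"))

WAN_ADDR = "203.0.113.5"  # constructed public address (documentation range)
LAN_ADDR = "10.0.0.254"   # local private address from step 2


def ping_from_device(primary_addr: str, target: str,
                     policy: TunnelPolicy = POLICY) -> str:
    """Classify a ping generated by the device itself.

    Assumption: device-originated packets carry the primary IP address as source.
    """
    if policy.matches(primary_addr, target):
        return "matches tunnel policy"
    return "outside tunnel policy"


if __name__ == "__main__":
    for label, primary in (("before step 2", WAN_ADDR), ("after step 2", LAN_ADDR)):
        verdict = ping_from_device(primary, "20.0.0.1")
        print(f"{label}: src={primary} dst=20.0.0.1 -> {verdict}")
```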

E-DOC-CTC-20051017-0169 v0.1
