Cisco Packet Data Gateway (PDG) Troubleshooting Guide
Cisco ASR 5000 Series Packet Data Interworking Function Administration Guide, OL-22963-01
Configuration
Configuring IPSec Traffic Classes and Traffic Selectors
To configure IPSec traffic classes and traffic selectors:
Step 1 Create inbound access control lists (ACLs) to define the required traffic classes and traffic selectors, as described below.
Step 2
Step 3 Save your configuration as described in the chapter Verifying and Saving Your Configuration in this guide.
IMPORTANT: This section includes information on how to use ACLs to configure IPSec traffic classes and traffic selectors on the PDIF platform. For more complete information on ACLs, see the Access Control Lists chapter in the System Enhanced Feature Configuration Guide.
Creating Access Control Lists to Define IPSec Traffic Classes and Traffic Selectors
A single ACL consists of one or more ACL rules. An ACL rule is a filter configured to take a specific action for packets matching specific criteria. To configure traffic classes and traffic selectors, you create inbound ACLs that conform to the following guidelines:
Each traffic class is represented by one ACL.
Each ACL name must match a traffic class name defined on the AAA server.
An ACL name representing a traffic class must be an integer.
Each traffic selector is represented by one 'permit' entry in an ACL. Each 'permit' entry defines one selection criterion for packets being sent over IKE security associations (SAs).
Traffic selectors are created using 'permit' entries only (no 'deny' or 'redirect' entries are allowed).
The specified source address must be 'any'.
The criteria used for traffic selectors can be based on these protocols: IP, TCP, UDP, and ICMP.
You can specify a port range only if the criterion is TCP or UDP.
ACLs created for traffic classes and traffic selectors are not applied to individual interfaces, all traffic within a context (known as a policy ACL), individual subscribers, multiple subscribers, or multiple subscribers via access point names (APNs).
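The guidelines above are easy to get wrong by hand (a stray 'deny' entry, a port range on an ICMP selector, an ACL name that does not exist on the AAA server), so a pre-commit check is useful. The following validator is an added example, not Cisco's code or StarOS syntax; it models ACL entries as plain data objects and the AAA traffic-class names as a constructed set.

```python
"""Check candidate traffic-selector ACLs against the PDIF guidelines (added example)."""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

ALLOWED_PROTOCOLS = {"ip", "tcp", "udp", "icmp"}  # the only protocols a selector may match


@dataclass
class AclRule:
    action: str                                  # 'permit', 'deny' or 'redirect'
    protocol: str                                # e.g. 'tcp'; must be in ALLOWED_PROTOCOLS
    source: str                                  # must be 'any' for a traffic selector
    port_range: Optional[Tuple[int, int]] = None # only meaningful for tcp/udp


@dataclass
class Acl:
    name: str                                    # must be an integer string known to the AAA server
    rules: List[AclRule] = field(default_factory=list)


def check_traffic_class_acl(acl: Acl, aaa_classes: Set[str]) -> List[str]:
    """Return every guideline violation found; an empty list means the ACL is acceptable."""
    errors: List[str] = []
    if not acl.name.isdigit():
        errors.append(f"ACL name {acl.name!r} must be an integer")
    if acl.name not in aaa_classes:
        errors.append(f"ACL name {acl.name!r} does not match a traffic class on the AAA server")
    if not acl.rules:
        errors.append("ACL has no rules; each traffic selector needs one 'permit' entry")
    for i, r in enumerate(acl.rules, 1):
        if r.action != "permit":
            errors.append(f"rule {i}: action {r.action!r} not allowed, only 'permit' entries")
        if r.source != "any":
            errors.append(f"rule {i}: source must be 'any', got {r.source!r}")
        if r.protocol not in ALLOWED_PROTOCOLS:
            errors.append(f"rule {i}: protocol {r.protocol!r} not allowed for a selector")
        if r.port_range is not None:
            if r.protocol not in ("tcp", "udp"):
                errors.append(f"rule {i}: a port range is only allowed for TCP or UDP")
            lo, hi = r.port_range
            if not 0 <= lo <= hi <= 65535:
                errors.append(f"rule {i}: invalid port range {r.port_range}")
    return errors


# Constructed sample data: traffic classes '1' and '2' are assumed to be defined on the AAA server.
AAA_CLASSES = {"1", "2"}
GOOD_ACL = Acl("1", [AclRule("permit", "tcp", "any", (80, 443)), AclRule("permit", "icmp", "any")])
BAD_ACL = Acl("voice", [AclRule("deny", "udp", "10.0.0.0/8"), AclRule("permit", "icmp", "any", (1, 10))])

if __name__ == "__main__":
    for acl in (GOOD_ACL, BAD_ACL):
        print(acl.name, check_traffic_class_acl(acl, AAA_CLASSES) or "OK")
```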
Defining Traffic Classes
To define traffic classes, create inbound ACLs by issuing the following command in Context Configuration Mode for the egress context: