Cisco Cisco Packet Data Gateway (PDG)
Crypto Template Configuration Mode Commands
▀ payload
▄ Command Line Interface Reference, StarOS Release 16
2930
payload
Creates a new, or specifies an existing, crypto template payload and enters the Crypto Template Payload Configuration
Mode.
Mode.
Product
All Security Gateway products
Privilege
Security Administrator
Syntax
[ no ] payload name match childsa [ match { any | ipv4 | ipv6 } ]
no
Removes a currently configured crypto template payload.
payload
name
Specifies the name of a new or existing crypto template payload as an alphanumeric string of 1 through 127
characters.
characters.
match childsa [ match { any |ipv4 | ipv6 }
Filters IPSec Child Security Association creation requests for subscriber calls using this payload. Further
filtering can be performed by applying the following:
filtering can be performed by applying the following:
match any
: Configures this payload to be applicable to IPSec Child Security Association requests for
IPv4 and/or IPv6.
match ipv4
: Configures this payload to be applicable to IPSec Child Security Association requests for
IPv4 only.
match ipv6
: Configures this payload to be applicable to IPSec Child Security Association requests for
IPv6 only.
Usage
Use this command to create a new or enter an existing crypto template payload. The payload mechanism is a
means of associating parameters for the Security Association (SA) being negotiated.
Two payloads are required: one each for MIP and IKEv2. The first payload is used for establishing the initial
Child SA Tunnel Inner Address (TIA) which will be torn down. The second payload is used for establishing
the remaining Child SAs. Note that if there is no second payload defined with home-address as the
means of associating parameters for the Security Association (SA) being negotiated.
Two payloads are required: one each for MIP and IKEv2. The first payload is used for establishing the initial
Child SA Tunnel Inner Address (TIA) which will be torn down. The second payload is used for establishing
the remaining Child SAs. Note that if there is no second payload defined with home-address as the
ip-
address-allocation
then no MIP call can be established, just a Simple IP call.
Currently, the only available match is for ChildSA, although other matches are planned for future releases.
Omitting the second match parameter for either IPv4 or IPv6 will make the payload applicable to all IP
address pools.
Crypto Template Payload Configuration Mode commands are defined in the Crypto Template IKEv2-
Dynamic Payload Configuration Mode Commands chapter.
Omitting the second match parameter for either IPv4 or IPv6 will make the payload applicable to all IP
address pools.
Crypto Template Payload Configuration Mode commands are defined in the Crypto Template IKEv2-
Dynamic Payload Configuration Mode Commands chapter.
Example
The following command configures a crypto template payload called
payload5
and enters the Crypto
Template Payload Configuration Mode: