Cisco Cisco Packet Data Gateway (PDG)
Crypto Template IKEv2-Dynamic Payload Configuration Mode Commands
tsr ▀
Command Line Interface Reference, StarOS Release 16 ▄
2949
tsr
Configures the IKEv2 Traffic Selector-Responder (TSr) payload address options.
Product
All Security Gateway products
Privilege
Security Administrator
Mode
Exec > Global Configuration > Context Configuration > Crypto Template Configuration > Crypto Template IKEv2-
Dynamic Payload Configuration
Dynamic Payload Configuration
configure > context context_name > crypto template template_name ikev2-dynamic > payload
payload_name match childsa
payload_name match childsa
match
{ any | ipv4 | ipv6 }
Entering the above command sequence results in the following prompt:
[context_name]host_name(cfg-crypto-tmpl-ikev2-tunnel-payload)#
Syntax
tsr start-address ip address end-address ip address
start-address
ip address
Configures the TSr payload to include the starting IP address of the TSr range specified in IPv4 dotted-
decimal or IPv6 colon-separated-hexadecimal notation.
See the limitations listed in the Usage section.
decimal or IPv6 colon-separated-hexadecimal notation.
See the limitations listed in the Usage section.
end-address
ipv4 address
Configures the TSr payload to include the ending IP address of the TSr range in IPv4 dotted-decimal or IPv6
colon-separated-hexadecimal notation.
See the limitations listed in the Usage section.
colon-separated-hexadecimal notation.
See the limitations listed in the Usage section.
Usage
This command is used to specify an IP address range in the single TSr payload that the PDG/TTG returns in
the last IKE_AUTH message. This TSr is Child SA-specific.
This command is subject to the following limitations:
the last IKE_AUTH message. This TSr is Child SA-specific.
This command is subject to the following limitations:
The configuration is restricted to a maximum of four TSrs per payload and per childsa.
Overlapping TSrs are not allowed either inside the same payload or across different payloads.
When a TSr is configured via this command, only the configured TSr will be considered for narrowing-
down. For example, if one IPv4 TSr is configured, and the gateway receives an IPv6 TSr, the
gateway will reject the call with a TS_UNACCEPTABLE notification.
gateway will reject the call with a TS_UNACCEPTABLE notification.
The UE/PEER must send both INTERNAL_IP4_ADDRESS and INTERNAL_IP6_ADDRESS in the
Configuration Payload, whenever it needs both IPv4 and IPv6 addresses in TSrs. Otherwise, the
gateway will respond back with only one type depending upon the type of address received in the
Configuration Payload. For example,.if the gateway receives only INTERNAL_IP4_ADDRESS in
the Configuration Payload but both IPv4 and IPv6 addresses are in the TSrs, the GW will narrow
down only the IPv4 address, and ignore the IPv6 TSrs.
gateway will respond back with only one type depending upon the type of address received in the
Configuration Payload. For example,.if the gateway receives only INTERNAL_IP4_ADDRESS in
the Configuration Payload but both IPv4 and IPv6 addresses are in the TSrs, the GW will narrow
down only the IPv4 address, and ignore the IPv6 TSrs.