Cisco Cisco Packet Data Gateway (PDG)
Introduction to IP Security (IPSec)
Boost Crypto Performance ▀
IPSec Reference, StarOS Release 18 ▄
21
IKEv1
IKEv2
NAT Transversal (NATT) is defined as an extension.
NATT is supported by default.
Remote Access VPN is not defined, but is supported by
vendor-specific implementations for Mode config and
XAUTH.
vendor-specific implementations for Mode config and
XAUTH.
Remote Access VPN is supported by default:
Extensible Authentication Protocol (EAP)
User authentication via EAP is associated with IKE
authentication
authentication
Configuration payload (CP)
Multihoming is not supported.
Multihoming is supported by MOBIKE (IKEv2 Mobility and
Multihoming Protocol, RFC 4555)
Multihoming Protocol, RFC 4555)
Mobile Clients are not supported.
Mobile Clients are supported by MOBIKE.
Denial of Service (DoS) protections are not supported.
DoS protections include an anti-replay function.
Boost Crypto Performance
An require ipsec-large command boosts IPSec crypto performance by enabling the resource manager (RM) task to
assign additional IPSec managers to packet processing cards that have sufficient processing capacity.
assign additional IPSec managers to packet processing cards that have sufficient processing capacity.
configure
require ipsec-large
end
This command works with ePDG, PDIF and other StarOS applications. Refer to the Release Notes accompanying each
StarOS build for the latest information on supported products and packet processing cards.
StarOS build for the latest information on supported products and packet processing cards.