Cisco Cisco Packet Data Gateway (PDG)
IKEv2 RFC 5996 Compliance
▀ CLI Commands
▄ IPSec Reference, StarOS Release 17
162
Refer to the Command Line Interface Reference for a complete description of these commands and their keywords.
Disable Change in Rekey Parameters in CHILDSA REKEY
Disabling of rekey parameters must be enabled in a crypto map or crypto template.
For a crypto map the configuration sequence is:
configure
context ctxt_name
crypto map template_name { ikev2-ipv4 | ikev2-ipv6 }
ikev2-ikesa
rekey disallow-param-change
For a crypto template the configuration sequence is:
configure
context ctxt_name
crypto template template_name ikev2-dynamic
ikev2-ikesa
rekey disallow-param-change
Refer to the Command Line Interface Reference for a complete description of these commands and their keywords.
Enable TSr Ranges
To support multiple traffic selectors, the tsr start-address command has been modified to process both IPv4 and IPv6
addresses.
addresses.
configure
context context_name
crypto templatetnplt_name ikev2-dynamic
payload payload_name match childsa match any
tsr start-address ipv4v6_address end-address ipv4v6_address
end
Notes:
The configuration is restricted to a maximum of four TSrs per payload and per childsa.
Overlapping TSrs are not allowed either inside the same payload or across different payloads.