Cisco Cisco Packet Data Gateway (PDG)
SecGW Changes in Release 17
▀ SecGW Enhancements for 17.0
▄ Release Change Reference, StarOS Release 17
458
This command displays ESN status under IPSec SA Payload.
ESN: Enabled/Disabled
CSCuh37234 - Layer 3 based High Availability
Feature Changes
ICSR Layer 3 Interchassis HA
This feature supports L3 Interchassis High Availability for SecGW. This card-level redundancy uses Interchassis
Session Recovery (ICSR) implemented for RRI to ensure that the routes are injected correctly on the appropriate VSM
to route the traffic to the correct interface after an ICSR switchover.
Session Recovery (ICSR) implemented for RRI to ensure that the routes are injected correctly on the appropriate VSM
to route the traffic to the correct interface after an ICSR switchover.
An anchor route must be specified for ICSR L3 redundancy to map the physical interface IP addresses on both the
active and standby VSMs to the virtual Anchor IP address.
active and standby VSMs to the virtual Anchor IP address.
Chassis-to-chassis redundancy employs HSRP to detect failure in the system and notify other elements of the need to
change their HA State. Each VSM receives these notifications via oneP (Connected Apps) communication.
change their HA State. Each VSM receives these notifications via oneP (Connected Apps) communication.
An external HSRP-aware entity switches traffic from the primary to the backup chassis. All application instances must
failover to the backup chassis.
failover to the backup chassis.
For additional information on L# interchassis HA, see the SecGW Administration Guide.
Command Changes – Reverse Route Injection
There are several StarOS CLI commands associated with RRI configurations. They are briefly described below. For
additional information, see the Command Line Interface Reference and SecGW Administration Guide.
additional information, see the Command Line Interface Reference and SecGW Administration Guide.
ip rri-remote-access
This Context Configuration mode CLI command configures RRI remote access mode parameters. This command is
only required for Remote Access Service configurations.
only required for Remote Access Service configurations.
configure
context context_name
ip rri-remote-access { ip_address | next-hop nexthop_address } interface
interface_name [ vrf vrf_name ]
interface_name [ vrf vrf_name ]
Notes:
ip_address and nexthop_address can be specified in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal
format.
The next hop IP address is not required for point-to-point and tunnel interfaces.
interface_name specifies the egress interface.
ip rri-route
This Context Configuration mode CLI command configures RRI route parameters.