Cisco Cisco Packet Data Gateway (PDG)
Deployment Mode
A given instance of the WSG service can either support Remote Access tunnels or Site-to-Site tunnels. In the
WSG Configuration mode, the following command sequence specifies the desired deployment mode.
WSG Configuration mode, the following command sequence specifies the desired deployment mode.
deployment-mode { remote-access | site-to-site }
There is no default deployment mode. You must configure the deployment mode as either remote-access
or site-to-site before binding the service. Failure to specify a deployment mode will generate an error
message when attempting to bind the address.
or site-to-site before binding the service. Failure to specify a deployment mode will generate an error
message when attempting to bind the address.
Important
Access List
A WSG service that supports site-to-site tunnels should bind to an access list.
For the site-to-site scenario, the WSG service should be associated with access-group for which source and
destination can be a subnet. The ip address alloc-method/pool configurations are for RAS mode.
destination can be a subnet. The ip address alloc-method/pool configurations are for RAS mode.
In the WSG Configuration mode, the following command sequence specifies the desired IPv4 access groups
or address pools:
ip { access-group acl_list_name | address { alloc-method { dhcp-proxy | local } | pool name pool_name
or address pools:
ip { access-group acl_list_name | address { alloc-method { dhcp-proxy | local } | pool name pool_name
If the access-group is modified under the context then the same need to be reconfigured under WSG
service for the changes to get affected. This procedure involves unbind and bind as well.
service for the changes to get affected. This procedure involves unbind and bind as well.
Important
In the WSG Configuration mode, the following command sequence specifies the desired IPv6 access groups
or prefix pools:
ipv6 { access-group acl_list_name | address prefix-pool } pool_name
or prefix pools:
ipv6 { access-group acl_list_name | address prefix-pool } pool_name
Remote Access (RA) tunnels require address pools that can be specified under the service.
Important
The dhcp command in the WSG service specifies the DHCPv4 context and service name to be used when
the IP address allocation method is set to dhcp-proxy. The specified DHCPv4 service is designated via the
ip address alloc-method dhcp-proxy command. See
the IP address allocation method is set to dhcp-proxy. The specified DHCPv4 service is designated via the
ip address alloc-method dhcp-proxy command. See
IP Address Allocation Method, on page 21
.
Duplicate Session Detection
The duplicate-session-detection command enables or disables allowing only one IKE-SA per remote IKE-ID.
A new request will overwrite the existing tunnel. For a complete description of this feature, refer to the IPSec
Reference.
A new request will overwrite the existing tunnel. For a complete description of this feature, refer to the IPSec
Reference.
Peer List
The peer-list command configures an SecGW to initiate an IKEv2 session setup request when the peer does
not initiate a setup request within a specified time interval. For a complete description of this feature, refer to
the IPSec Reference.
not initiate a setup request within a specified time interval. For a complete description of this feature, refer to
the IPSec Reference.
SecGW Administration Guide, StarOS Release 19
20
SecGW Service Creation
WSG Service