Cisco Packet Data Gateway (PDG)
Security Gateway Overview
Product Overview
SecGW Administration Guide, StarOS Release 18
Supports IKEv2.
Supports DES, 3DES, AES and NULL Encryption algorithms, and MD5, SHA1/2 and AES-XCBC Hash
algorithms.
Provides mechanisms for High Availability both within and outside of the ASR 9000 chassis.
IPv6 support encompasses Inner-Outer pairs: v6-v6, v6-v4, v4-v6, v4-v4.
Allows dynamic provisioning of IPSec configuration when a new SecGW is instantiated on the router.
Each of the four SecGWs on a VSM must be configured separately.
Load balancing has not been implemented for the SecGWs; incoming calls will not be automatically distributed across
the four SecGWs on a VSM. A workaround is to use VLANs for load balancing. The public side interface of each
SecGW can be configured for a separate VLAN. Calls from multiple peers are routed to the same IP address via a
different VLAN to distribute the traffic load.
IPSec Capabilities
The following IPSec features are supported by StarOS for implementation in an SecGW application:
Anti Replay
Multiple Child SA (MCSA)
Certificate Management Protocol (CMPv2)
Session Recovery/Interchassis Session Recovery for both RAS and S2S
Support for IKE ID Type
PSK support with up to 255 octets
Online Certificate Status Protocol (OCSP)
Reverse DNS Lookup for Peer IP in show Commands
Blacklist/Whitelist by IDi
Rekey Traffic Overlap
CRL fetching with LDAPv3
Sequence Number based Rekey
IKE Call Admission Control (CAC)
PSK Support for up to 1000 Remote Secrets
Certificate Chaining
RFC 5996 Compliance
Duplicate Session Detection
Extended Sequence Number
Security Gateway as IKE Initiator