Cisco Cisco Packet Data Gateway (PDG)
Creating the ePDG Context
Use the following configuration example to create the ePDG context, the EAP profile, the IPSec and IKEv2
transform sets, the crypto template, the SWu, SWm, and DNS interfaces, the SWm and IPSec loopback
interfaces, and the AAA group for Diameter authentication:
transform sets, the crypto template, the SWu, SWm, and DNS interfaces, the SWm and IPSec loopback
interfaces, and the AAA group for Diameter authentication:
configure
context
<
epdg_context_name
>
eap-profile
<
eap_profile_name
>
mode authenticator-pass-through
exit
exit
ipsec transform-set
<
ipsec_tset_name
>
hmac aes-xcbc-96
exit
exit
ikev2-ikesa transform-set
<
ikev2_ikesa_tset_name
>
hmac aes-xcbc-96
prf aes-scbc-128
exit
prf aes-scbc-128
exit
crypto template
<
crypto_template_name
>
ikev2-dynamic
authentication remote eap-profile
<
eap_profile_name
>
exit
ikev2-ikesa retransmission-timeout
<
milliseconds
>
ikev2-ikesa transform-set list
<
ikev2_ikesa_tset_name
>
ikev2-ikesa rekey
payload
payload
<
payload_name
>
match childsa match any
ipsec transform-set list
<
ipsec_tset_name
>
lifetime
<
seconds
>
rekey keepalive
exit
exit
ikev2-ikesa keepalive-user-activity
ikev2-ikesa policy error-notification
ikev2-ikesa policy error-notification
ikev2-ikesa policy use-rfc5996-notification
exit
ip routing maximum-paths
<
max_num
>
interface
<
swu_interface_name
>
ip address
<
ip_address
> <
subnet_mask
>
exit
interface
<
swm_interface_name
>
ip address
<
ip_address
> <
subnet_mask
>
exit
interface
<
epdg_dns_interface_name
>
ip address
<
ip_address
> <
subnet_mask
>
exit
interface
<
swu_loopback_interface_name
>
loopback
ip address
<
ip_address
> <
subnet_mask
>
exit
interface
<
swm_ipsec_loopback_interface_name
>
loopback
ip address
<
ip_address
> <
subnet_mask
>
exit
subscriber default
aaa group
<
group_name
>
ip context-name
<
epdg_context_name
>
ePDG Administration Guide, StarOS Release 19
99
Configuring the Evolved Packet Data Gateway
ePDG Context and Service Configuration