Cisco Cisco ASR 5000
Crypto Template IKEv2-Dynamic Payload Configuration Mode Commands
▀ tsi
▄ Command Line Interface Reference, StarOS Release 18
3062
tsi
Configures the IKEv2 Traffic Selector-Initiator (TSi) payload address options.
Product
All Security Gateway products
Privilege
Security Administrator
Mode
Exec > Global Configuration > Context Configuration > Crypto Template Configuration > Crypto Template IKEv2-
Dynamic Payload Configuration
Dynamic Payload Configuration
configure > context context_name > crypto template template_name ikev2-dynamic > payload
payload_name match childsa
payload_name match childsa
match
{ any | ipv4 | ipv6 }
Entering the above command sequence results in the following prompt:
[context_name]host_name(cfg-crypto-tmpl-ikev2-tunnel-payload)#
Syntax
tsi start-address { any end-address any | endpoint end-address endpoint }
any end-address any
Configures the TSi payload to allow all IP addresses.
endpoint end-address endpoint
Configures the TSi payload to allow only the Mobile endpoint address. (Default)
Usage
On receiving a successful IKE_SA_INIT Response from PDIF, the MS sends an IKE_ AUTH Request for the
first EAP-AKA authentication. If the MS is capable of doing multiple-authentication, it includes the
MULTI_AUTH_SUPPORTED Notify payload in the IKE_AUTH Request. MS also includes an IDi payload
containing the NAI, SA, TSi, TSr, and CP (requesting IP address and DNS address) payloads.
first EAP-AKA authentication. If the MS is capable of doing multiple-authentication, it includes the
MULTI_AUTH_SUPPORTED Notify payload in the IKE_AUTH Request. MS also includes an IDi payload
containing the NAI, SA, TSi, TSr, and CP (requesting IP address and DNS address) payloads.
Example
Use the following example to configure a TSi payload that allows all addresses:
tsi start-address any end-address any