Cisco Cisco ASR 5700
WSG Service Configuration Mode Commands
peer-list ▀
Command Line Interface Reference, StarOS Release 17 ▄
8991
peer-list
Configures an SecGW to initiate an IKEv2 session setup request when the peer does not initiate a setup request within a
specified time interval. This command is only available for a WSG service configured for site-to-site (S2S) deployment
mode (VPC only).
specified time interval. This command is only available for a WSG service configured for site-to-site (S2S) deployment
mode (VPC only).
Product
SecGW (WSG)
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration > Context Configuration > WSG-Service Configuration
configure > context context_name > wsg-service
service_name
Entering the above command sequence results in the following prompt:
[context_name]host_name(config-wsg-service)#
Syntax
peer-list peer_list_name
no peer-list
no
Disables the current peer list and SecGW as an IKE initiator functionality.
peer_list_name
Specifies the name of an existing peer list as an alphanumeric string of 1 through 79 characters. The crypto
peer list must have been previously created using the Global Configuration mode crypto peer-list command.
peer list must have been previously created using the Global Configuration mode crypto peer-list command.
Usage
Enables the use of a peer list so that the SecGW can act as an initiator of an IKEv2 call session. The WSG
service deployment mode must be configured as site-to-site for the peer-list command to execute.
The following limitations apply when the SecGW as initiator feature is enabled:
service deployment mode must be configured as site-to-site for the peer-list command to execute.
The following limitations apply when the SecGW as initiator feature is enabled:
The SecGW will only support up to 1,000 peers. This restriction is applied when configuring a crypto
peer list.
SecGW will not support the modification of an IPv4/IPv6 peer list on the fly (call sessions in progress).
The modification will be allowed only after all the calls are removed.
When a peer list has been configured in the WSG service, the initiator and responder mode timer intervals
each default to 10 seconds. The SecGW will wait for 10 seconds in the responder mode for a peer session
initiation request before switching to the initiator mode and waiting 10 seconds for a peer response.
You can change the default settings for the initiator and/or responder mode intervals using the WSG Service
mode initiator-mode-duration and responder-mode-duration commands.
See the IPSec Reference for additional information on configuring an SecGW as an IKE initiator.
each default to 10 seconds. The SecGW will wait for 10 seconds in the responder mode for a peer session
initiation request before switching to the initiator mode and waiting 10 seconds for a peer response.
You can change the default settings for the initiator and/or responder mode intervals using the WSG Service
mode initiator-mode-duration and responder-mode-duration commands.
See the IPSec Reference for additional information on configuring an SecGW as an IKE initiator.
Example
The following command enables the user of a peer list named peer1.