Cisco Cisco Packet Data Interworking Function (PDIF)
IKEv2 RFC 5996 Compliance
▀ CLI Commands
▄ IPSec Reference, StarOS Release 16
160
ikev2-ikesa
rekey disallow-param-change
For a crypto template the configuration sequence is:
configure
context <ctxt_name>
crypto template template_name ikev2-dynamic
ikev2-ikesa
rekey disallow-param-change
Refer to the Command Line Interface Reference for a complete description of these commands and their keywords.
Enable TSr Ranges
To support multiple traffic selectors, the tsr start-address command has been modified to process both IPv4 and IPv6
addresses.
addresses.
configure
context context_name
crypto templatetnplt_name ikev2-dynamic
payload payload_name match childsa match any
tsr start-address ipv4v6_address end-address ipv4v6_address
end
Notes:
The configuration is restricted to a maximum of four TSrs per payload and per childsa.
Overlapping TSrs are not allowed either inside the same payload or across different payloads.
When a TSr is configured via this command, only the configured TSr will be considered for narrowing-down.
For example, if one IPv4 TSr is configured, and the gateway receives an IPv6 TSr, the gateway will reject the
call with a TS_UNACCEPTABLE notification.
call with a TS_UNACCEPTABLE notification.
The UE must send both INTERNAL_IP4_ADDRESS and INTERNAL_IP6_ADDRESS in the Configuration
Payload, whenever it needs both IPv4 and IPv6 addresses in TSrs. Otherwise, the gateway will respond back
with only one type depending upon the type of address received in the Configuration Payload. For example,.if
the gateway receives only INTERNAL_IP4_ADDRESS in the Configuration Payload but both IPv4 and IPv6
addresses are in the TSrs, the gateway will narrow down only the IPv4 address, and ignore the IPv6 TSrs.
with only one type depending upon the type of address received in the Configuration Payload. For example,.if
the gateway receives only INTERNAL_IP4_ADDRESS in the Configuration Payload but both IPv4 and IPv6
addresses are in the TSrs, the gateway will narrow down only the IPv4 address, and ignore the IPv6 TSrs.
IPv4 TSrs are not allowed inside IPv6 payloads.
IPv6 TSrs are not allowed inside IPv4 payloads.