Cisco Cisco Packet Data Interworking Function (PDIF) Prospecto
Crypto Templates
Crypto Template IKEv2-Dynamic Payload Parameters ▀
Cisco StarOS IP Security (IPSec) Reference ▄
79
Crypto Template IKEv2-Dynamic Payload Parameters
The Crypto Template IKEv2-Dynamic Payload Configuration Mode is used to assign the correct IPSec transform-set
from a list of up to four different transform-sets, and to assign Mobile IP addresses. There should be two payloads
configured. The first must have a dynamic addressing scheme from which the ChildSA gets a TIA address. The second
payload supplies the ChildSA with a HoA, which is the default setting for ip-address-allocation.
from a list of up to four different transform-sets, and to assign Mobile IP addresses. There should be two payloads
configured. The first must have a dynamic addressing scheme from which the ChildSA gets a TIA address. The second
payload supplies the ChildSA with a HoA, which is the default setting for ip-address-allocation.
Crypto template payloads include the following parameters:
ignore-rekeying-requests – Ignores CHILD SA rekey requests from the Packet Data Interworking Function
(PDIF).
ip-address-allocation – Configures IP address allocation for subscribers using this crypto template payload.
Configure two payloads per crypto template. The first must have a dynamic address to assign a tunnel inner
address (TIA) to the ChildSA. The second payload is configured after a successful MAnaged IP (MIP)
initiation and can use the default Home Address (HoA) option.
address (TIA) to the ChildSA. The second payload is configured after a successful MAnaged IP (MIP)
initiation and can use the default Home Address (HoA) option.
ipsec transform set -–Configures the IPSec transform set to be used for this crypto template payload.
lifetime – Configures the number of seconds for IPSec Child SAs derived from this crypto template payload to
exist.
maximum-child-sa – Configures the maximum number of IPSec child security associations that can be derived
from a single IKEv2 IKE security association.
rekey [disallow-param-change] – Configures IPSec Child Security Association rekeying.
tsi – Configures the IKEv2 Traffic Selector initiator (TSi) payload address options.
tsr – Configures the IKEv2 Traffic Selector responder (TSr) payload address options.