Cisco Cisco Packet Data Interworking Function (PDIF)
Crypto Template IKEv2-Dynamic Payload Configuration Mode Commands
tsr ▀
Command Line Interface Reference, StarOS Release 17 ▄
3029
tsr
Configures the IKEv2 Traffic Selector-Responder (TSr) payload address options.
Product
All Security Gateway products
Privilege
Security Administrator
Mode
Exec > Global Configuration > Context Configuration > Crypto Template Configuration > Crypto Template IKEv2-
Dynamic Payload Configuration
Dynamic Payload Configuration
configure > context context_name > crypto template template_name ikev2-dynamic > payload
payload_name match childsa
payload_name match childsa
match
{ any | ipv4 | ipv6 }
Entering the above command sequence results in the following prompt:
[context_name]host_name(cfg-crypto-tmpl-ikev2-tunnel-payload)#
Syntax
[ no ] tsr start-address ip address end-address ip address
no
Disables the specified tsr address range.
start-address
ip address
Specifies the starting IP address of the TSr payload in IPv4 dotted-decimal or IPv6 colon-separated-
hexadecimal notation.
See the limitations listed in the Usage section.
hexadecimal notation.
See the limitations listed in the Usage section.
end-address
ipv4 address
Specifies the ending IP address of the TSr payload in IPv4 dotted-decimal or IPv6 colon-separated-
hexadecimal notation.
See the limitations listed in the Usage section.
hexadecimal notation.
See the limitations listed in the Usage section.
Usage
This command is used to specify an IP address range in the single TSr payload that the PDG/TTG returns in
the last IKE_AUTH message. This TSr is Child SA-specific.
This command is subject to the following limitations:
the last IKE_AUTH message. This TSr is Child SA-specific.
This command is subject to the following limitations:
The configuration is restricted to a maximum of four TSrs per payload and per childsa.
Overlapping TSrs are not allowed either inside the same payload or across different payloads.
When a TSr is configured via this command, only the configured TSr will be considered for narrowing-
down. For example, if one IPv4 TSr is configured, and the gateway receives an IPv6 TSr, the
gateway will reject the call with a TS_UNACCEPTABLE notification.
gateway will reject the call with a TS_UNACCEPTABLE notification.
The UE/PEER must send both INTERNAL_IP4_ADDRESS and INTERNAL_IP6_ADDRESS in the
Configuration Payload, whenever it needs both IPv4 and IPv6 addresses in TSrs. Otherwise, the