Cisco Cisco Packet Data Gateway (PDG)
Service Configurations
▀ HA Service Configuration to Support IPSec
▄ IPSec Reference, StarOS Release 18
88
HA Service Configuration to Support IPSec
This section provides instructions for configuring HA (Home Agent) services to support IPSec. It assumes that the HA
service was previously configured and system is ready to serve as an HA.
service was previously configured and system is ready to serve as an HA.
Important:
This section provides the minimum instruction set for configuring an HA service to support IPSec on
the system. For more information on commands that configure additional parameters and options, see the Command
Line Interface Reference.
Line Interface Reference.
To configure the HA service to support IPSec:
Step 1
Step 2
Step 3
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode
command save configuration. For additional information on how to verify and save configuration files, refer to the
System Administration Guide and the Command Line Interface Reference.
command save configuration. For additional information on how to verify and save configuration files, refer to the
System Administration Guide and the Command Line Interface Reference.
Modifying HA Service to Support IPSec
Use the following example to modify an existing HA service to support IPSec on your system:
configure
context ctxt_name
ha-service ha_svc_name
isakmp aaa-context aaa_ctxt_name
isakmp peer-fa fa_address crypto-map map_name [ secret preshared_secret ]
end
Notes:
ctxt_name is the system context in which the FA service is configured to support IPSec.
ha_svc_name is name of the HA service for which you are configuring IPSec.
fa_address is IP address of the FA service to which HA service will communicate on IPSec.
aaa_ctxt_name name of the context through which the HA service accesses the HAAA server to fetch the IKE S
Key and S Lifetime parameters.
map_name is name of the preconfigured ISAKMP or a manual crypto map.