Cisco Cisco Packet Data Gateway (PDG)
C H A P T E R
1
Security Gateway Overview
This chapter contains general overview information about the Security Gateway (SecGW) running on an
ASR 9000 Virtualized Service Module (VSM) as a VPC-VSM instance.
ASR 9000 Virtualized Service Module (VSM) as a VPC-VSM instance.
The following topics are covered in this chapter:
•
•
•
•
•
Product Overview
The SecGW is a high-density IP Security (IPSec) gateway for mobile wireless carrier networks. It is typically
used to secure backhaul traffic between the Radio Access Network (RAN) and the operator core network.
used to secure backhaul traffic between the Radio Access Network (RAN) and the operator core network.
IPSec is an open standards set that provides confidentiality, integrity, and authentication for data between IP
layer peers. The SecGW uses IPSec-protected tunnels to connect outside endpoints. SecGW implements the
parts of IKE/IPSec required for its role in mobile networks.
layer peers. The SecGW uses IPSec-protected tunnels to connect outside endpoints. SecGW implements the
parts of IKE/IPSec required for its role in mobile networks.
The SecGW is enabled as a Wireless Security Gateway (WSG) service in a StarOS instance running in a
virtual machine on a Virtualized Services Module (VSM) in an ASR 9000.
virtual machine on a Virtualized Services Module (VSM) in an ASR 9000.
The following types of LTE traffic may be carried over encrypted IPSec tunnels in the Un-trusted access
domain:
domain:
• S1-C and S1-U: Control and User Traffic between eNodeB and EPC
• X2-C and X2-U: Control and User Traffic between eNodeBs during Handoff
SecGW Administration Guide, StarOS Release 19
1