Cisco Cisco Packet Data Gateway (PDG) Fascicule
IPSec Network Applications
▀ Implementing IPSec for Mobile IP Applications
▄ Cisco StarOS IP Security (IPSec) Reference
38
Step 4
Optional. Configure DPD for the FA to help prevent IPSec tunnel state mismatches between the FA and HA according
to the instructions located in the Dead Peer Detection (DPD) Configuration section of the Redundant IPSec Tunnel
Fail-Over chapter of this guide.
to the instructions located in the Dead Peer Detection (DPD) Configuration section of the Redundant IPSec Tunnel
Fail-Over chapter of this guide.
Important:
Though the use of DPD is optional, it is recommended in order to ensure service availability.
Step 5
Configure the FA Service or the FA system according to the instructions located in the FA Services Configuration to
Support IPSec section of the Service Configurations chapter in this guide.
Support IPSec section of the Service Configurations chapter in this guide.
Step 6
Configure one or more transform sets for the HA system according to the instructions located in the Transform Set
Configuration chapter of this guide.
Configuration chapter of this guide.
The transform set(s) must be configured in the same context as the HA service.
Step 7
Configure one or more ISAKMP policies or the HA system according to the instructions located in the ISAKMP Policy
Configuration chapter of this guide.
Configuration chapter of this guide.
The ISAKMP policy(ies) must be configured in the same context as the HA service.
Step 8
Configure an ipsec-isakmp crypto map or the HA system according to the instructions located in the Dynamic Crypto
Map Configuration section of the Crypto Maps chapter of this guide.
Map Configuration section of the Crypto Maps chapter of this guide.
The crypto map(s) must be configured in the same context as the HA service.
Step 9
Optional. Configure DPD for the HA to help prevent IPSec tunnel state mismatches between the FA and HA according
to the instructions located in the Dead Peer Detection (DPD) Configuration section of the Redundant IPSec Tunnel
Fail-Over chapter of this guide.
to the instructions located in the Dead Peer Detection (DPD) Configuration section of the Redundant IPSec Tunnel
Fail-Over chapter of this guide.
Important:
Though the use of DPD is optional, it is recommended in order to ensure service availability.
Step 10 Configure the HA Service or the HA system according to the instructions located in the HA Service Configuration to
Support IPSec section in the Service Configurations chapter of this guide.
Step 11 Configure the required attributes for RADIUS-based subscribers according to the information located in the RADIUS
Attributes for IPSec-based Mobile IP Applications chapter of this guide.
Step 12 Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode
command save configuration. For additional information on how to verify and save configuration files, refer to the
System Administration Guide and the Command Line Interface Reference.
System Administration Guide and the Command Line Interface Reference.