Cisco Packet Data Gateway (PDG)
Security Gateway as Initiator
Configuring SecGW as Initiator
IPSec Reference, StarOS Release 17
Notes:
Use the no peer-list command to remove the peer-list and disable the SecGW as initiator feature.
Any change made to a WSG service requires that the service be restarted before the changed parameters take effect.
You restart the service by unbinding and rebinding the IP address to the service context.
Configure Initiator Mode and Responder Mode Durations
When a peer list has been configured in the WSG service, the initiator and responder mode timer intervals each default
to 10 seconds. The SecGW will wait for 10 seconds in the responder mode for a peer session initiation request before
switching to the initiator mode and waiting 10 seconds for a peer response.
You can change the default settings for the initiator and/or responder mode intervals using the following CLI command
sequence.
configure
   context wsg_ctxt_name
      wsg-service wsg_service_name
         initiator-mode-duration seconds
         responder-mode-duration seconds
         exit
Notes:
seconds is an integer from 5 through 250.
Restrictions
The following restrictions apply when configuring a SecGW as an Initiator:
The peer-list peer_list_name command is only executed if the deployment mode for the WSG service is site-to-site and the bind address matches the peer list address type (IPv4 or IPv6).
You cannot change the WSG service deployment-mode if peer-list peer_list_name is enabled under the service. You will be prompted to remove the peer list before changing the mode.
A maximum of 1,000 peer IP addresses can be added to the peer list via the Peer List Configuration mode address command.
WSG service address binding is not allowed if a peer list is configured and both address types do not match. An error message is generated if they do not match.
An IPv4 or IPv6 peer list cannot be modified if peer-list peer_list_name is enabled under the WSG service.
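The timer range and the peer-list restrictions above can be checked before a change is pushed to the gateway. The following is an added example, not Cisco code or StarOS output: the WsgPlan record, its field names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

MIN_DURATION, MAX_DURATION = 5, 250  # seconds, per the Notes on the mode timers
MAX_PEERS = 1000                     # peer-list address limit from Restrictions


@dataclass
class WsgPlan:
    """Hypothetical change-plan record; field names are assumptions, not StarOS objects."""
    deployment_mode: str
    bind_address: str
    peer_addresses: list = field(default_factory=list)
    initiator_mode_duration: int = 10  # documented default
    responder_mode_duration: int = 10  # documented default


def lint(plan):
    """Return the restriction violations in a plan; an empty list means it passes."""
    problems = []
    for name in ("initiator_mode_duration", "responder_mode_duration"):
        value = getattr(plan, name)
        if type(value) is not int or not MIN_DURATION <= value <= MAX_DURATION:
            problems.append(f"{name}={value!r}: must be an integer from 5 through 250")
    if not plan.peer_addresses:
        return problems  # no peer list, so the peer-list restrictions do not apply
    if plan.deployment_mode != "site-to-site":
        problems.append("peer-list needs deployment mode site-to-site")
    if len(plan.peer_addresses) > MAX_PEERS:
        problems.append(f"{len(plan.peer_addresses)} peers exceeds the {MAX_PEERS} limit")
    # A peer list is IPv4 or IPv6, and its type must match the bind address.
    bind_version = ipaddress.ip_address(plan.bind_address).version
    peer_versions = {ipaddress.ip_address(a).version for a in plan.peer_addresses}
    if peer_versions != {bind_version}:
        problems.append("peer list address type does not match the bind address")
    return problems


# Constructed sample plans (documentation address ranges, not from the page).
GOOD = WsgPlan("site-to-site", "192.0.2.1", ["192.0.2.10", "192.0.2.11"], 30, 20)
BAD = WsgPlan("remote-access", "2001:db8::1", ["192.0.2.10"], 3, 20)

if __name__ == "__main__":
    for label, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint(plan) or "passes")
```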