Cisco Packet Data Gateway (PDG)

#exit
port ethernet 1/1
no shutdown
bind interface LOCAL1 local
#exit
ca-certificate name test
pem data
"-----BEGIN CERTIFICATE-----\n
<certificate_data>
-----END CERTIFICATE-----"
#exit
context wsg
ip access-list acl1
permit ip <wsg_acl1_permit_IPv4-address_mask> <wsg_acl1_permit_IPv4-address_mask>
#exit
ipv6 access-list acl1
permit ip <wsg_acl1_permit_IPv6-address_mask> <wsg_acl1_permit_IPv6-address_mask>
#exit
no ip guarantee framed-route local-switching
ip pool pool1 range <wsg_pool1_IPv4-address/mask> <wsg_pool1_IPv4-address> public 0
ipv6 pool ipv6-pool1 prefix <wsg_pool1_IPv6-address/mask> public 0
ipsec transform-set tselsa-foo
#exit
ikev2-ikesa transform-set ikesa-foo
#exit
crypto template foo ikev2-dynamic
authentication local pre-shared-key encrypted key <unique_encrypted_key_per_CPU-VM>
authentication remote pre-shared-key encrypted key <unique_encrypted_key_per_CPU-VM>
ikev2-ikesa transform-set list ikesa-foo
ikev2-ikesa rekey
payload foo-sa0 match childsa match ipv4
ipsec transform-set list tselsa-foo
rekey keepalive
#exit
identity local id-type ip-addr id <crypto_foo_IPv4-address>
#exit
crypto template foo-1 ikev2-dynamic
authentication local pre-shared-key encrypted key <encrypted_key>
authentication remote pre-shared-key encrypted key <encrypted_key>
ikev2-ikesa transform-set list ikesa-foo
ikev2-ikesa rekey
payload foo-sa0 match childsa match ipv6
ipsec transform-set list tselsa-foo
rekey keepalive
#exit
identity local id-type ip-addr id <crypto_foo1_local_IPv6-address_mask>
#exit
interface clear
ip address <wsg_interface_clear_IPv4-address>
ipv6 address <wsg_interface_clear_IPv6-address> secondary
#exit
interface ike loopback
ip address <wsg_interface_ike_IPv4-address mask> srp-activate
ipv6 address <wsg_interface_ike_IPv6-address/mask> srp-activate
#exit
interface ike-loop loopback
SecGW Administration Guide, StarOS Release 19    
Sample L2 Interchassis HA Configuration
SecGW VM Configuration - Backup ASR 9000 Chassis