Cisco Cisco Packet Data Gateway (PDG)
ha-network-mode L2
ca-certificate-name cert_name
activate
ca-certificate-name cert_name
activate
exit
wsg-lookup
wsg-lookup
priority 1 source-netmask 28 destination-netmask 28
priority 2 source-netmask 32 destination-netmask 32
priority 3 source-netmask 16 destination-netmask 16
priority 4 source-netmask 24 destination-netmask 24
priority 2 source-netmask 32 destination-netmask 32
priority 3 source-netmask 16 destination-netmask 16
priority 4 source-netmask 24 destination-netmask 24
exit
port ethernet 1/10
port ethernet 1/10
no shutdown
bind interface ike wsg
bind interface ike wsg
exit
port ethernet 1/11
port ethernet 1/11
no shutdown
bind interface clear wsg
vlan 12
bind interface clear wsg
vlan 12
description "ICSR"
no shutdown
bind interface icsr srp
no shutdown
bind interface icsr srp
#exit
#exit
end
WSG Configuration VM-2 (StarOS)
Notes:
• Configure a ConnectedApps (oneP) interface in the local context for StarOS VM-2.
• Configure a "wsg" context with an ACL, IPSec transform set and crypto template.
• Configure clear traffic, srpa and srvip loopback interfaces with srp-activate.
• Set aaa group and subscriber to default.
• Configure wsg-service "abc". Bind to crypto template with site-to-site deployment mode and IP access
group "one".
• Configure IP routes for IKE and clear traffic (IP addresses unique to VM-2).
• Configure RRI route to network mode (IP address unique to VM-2).
• Configure "srp" context with service-redundancy-protocol enabled (peer-ip-address and bind address
reversed from VSM-1).
• Configure interface "icsr" with an IP route (IP address unique to VM-2).
• Configure oneP/ConnectedApps session (sess-ip-address unique to VM-2). [TLS protocol]
• Set wsg-lookup priorities.
• Configure ethernet ports 1/10 (IKE), 1/11 (clear traffic) and 1/12 (ICSR-SRP).
SecGW Administration Guide, StarOS Release 19
56
Sample L2 Intrachassis HA Configuration
WSG Configuration VM-2 (StarOS)