Cisco Cisco Packet Data Gateway (PDG)
SecGW VM Configuration (StarOS)
Each SecGW (CPU-VM complex) must be separately configured as described below for corresponding
VSMs in both the primary and backup ASR 9000 chassis. There are four CPU-VM complexes per ASR
9000 VSM.
VSMs in both the primary and backup ASR 9000 chassis. There are four CPU-VM complexes per ASR
9000 VSM.
Important
The unique parameters for each CPU-VM complex must correspond with interface settings configured for
the primary and backup ASR 9000 chassis.
the primary and backup ASR 9000 chassis.
Notes:
• Enable hidden CLI test-commands.
• Install SecGW License.
• Assign unique host name per CPU-VM complex.
• Set crash log size to 2048 with compression.
• Require Session Recovery.
• Create local context with unique parameters per CPU-VM complex.
• Enable wsg-service with unique parameters per CPU-VM complex.
• Create SRP context with unique parameters per CPU-VM complex.
• Enable Connected Apps session with unique password and session name per CPU-VM complex.
• Set wsg-lookup priorities.
• Appropriately configure ethernet ports with unique parameters per CPU-VM complex. Refer to the
tables below for mapping of sample IP addresses for each SecGW.
Table 5: StarOS IP Address Mapping - SecGW1
Backup ASR 9000
Primary ASR 9000
Variable
192.168.122.15 255.255.255.0
100.100.100.1 255.255.255.0
<interfsace_LOCAL1_IPv4-address>
0.0.0.0 0.0.0.0 192.168.122.2
0.0.0.0 0.0.0.0 100.100.100.10
<iproute_:LOCAL1_IPv4-address_mask>
65.65.0.0 0.0.255.255
45.45.0.0 0.0.255.255
65.65.0.0 0.0.255.255
45.45.0.0 0.0.255.255
<wsg_acl1_permit_IPv4-address_mask>
2065:: ::ffff:ffff:ffff:ffff
2045:: ::ffff:ffff:ffff:ffff
2065:: ::ffff:ffff:ffff:ffff
2045:: ::ffff:ffff:ffff:ffff
<wsg_acl1_permit_IPv6-address/mask>
45.45.0.1
45.45.58.254
45.45.0.1
45.45.58.254
<wsg_pool1_IPv4-address>
2045::/56
2045::/56
<wsg_pool1_IPv6-address/mask>
SecGW Administration Guide, StarOS Release 19
87
Sample L2 Interchassis HA Configuration
SecGW VM Configuration (StarOS)