Cisco Cisco Packet Data Interworking Function (PDIF)
dead-interval 15
checkpoint session duration non-ims-session 30
route-modifier threshold 10
priority 101
checkpoint session duration non-ims-session 30
route-modifier threshold 10
priority 101
monitor hsrp interface GigabitEthernet0/2/0/18.<srp_monitor_hsrp_vlan_ID> afi-type ipv4
hsrp-group <srp_hsrp-group_number>
peer-ip-address <srp_peer_IPv4-address>
bind address <srp_bind_IPv4-address>
bind address <srp_bind_IPv4-address>
#exit
interface icsr
interface icsr
ip address <srp_interface_icsr_IPv4-address_mask_per_CPU-VM>
#exit
subscriber default
exit
aaa group default
#exit
ip route <srp_iproute_IPv4-address_mask> <srp_iproute_IPv4-address> icsr
subscriber default
exit
aaa group default
#exit
ip route <srp_iproute_IPv4-address_mask> <srp_iproute_IPv4-address> icsr
#exit
context wsg
context wsg
ip access-list acl1
permit ip <wsg_acl1_permit1_IPv4-address_mask> <wsg_acl1_permit1_IPv4-address_mask> protocol
<IPv4-address_mask>
permit ip <wsg_acl1_permit2_IPv4-address_mask> <wsg_acl1_permit2_IPv4-address_mask> protocol
<IPv4-address_mask>
permit ip <wsg_acl1_permit3_IPv4-address_mask> <wsg_acl1_permit3_IPv4-address_mask> protocol
<IPv4-address_mask>
permit ip <wsg_acl1_permit4_IPv4-address_mask> <wsg_acl1_permit4_IPv4-address_mask> protocol
<IPv4-address_mask>
permit ip <wsg_acl1_permit5_IPv4-address_mask> <wsg_acl1_permit5_IPv4-address_mask> protocol
<IPv4-address_mask>
#exit
ipv6 access-list acl1
ipv6 access-list acl1
permit ip <wsg_acl1_permit1_IPv6-address_mask> <wsg_acl1_permit1_IPv6-address_mask>
permit ip <wsg_acl1_permit2_IPv6-address_mask> <wsg_acl1_permit2_IPv6-address_mask>
permit ip <wsg_acl1_permit3_IPv6-address_mask> <wsg_acl1_permit3_IPv6-address_mask>
permit ip <wsg_acl1_permit4_IPv6-address_mask> <wsg_acl1_permit4_IPv6-address_mask>
permit ip <wsg_acl1_permit5_IPv6-address_mask> <wsg_acl1_permit5_IPv6-address_mask>
permit ip <wsg_acl1_permit2_IPv6-address_mask> <wsg_acl1_permit2_IPv6-address_mask>
permit ip <wsg_acl1_permit3_IPv6-address_mask> <wsg_acl1_permit3_IPv6-address_mask>
permit ip <wsg_acl1_permit4_IPv6-address_mask> <wsg_acl1_permit4_IPv6-address_mask>
permit ip <wsg_acl1_permit5_IPv6-address_mask> <wsg_acl1_permit5_IPv6-address_mask>
#exit
ip pool <IPv4_pool_name> range <wsg_pool1_IPv4-address/mask> <wsg_pool2_IPv4-address_mask>
public <pool_priority>
ipv6 pool <IPv6_pool_name> prefix <wsg_pool1_IPv6-address/mask> public<pool_priority>
ipsec transform-set ipsec-ts-1
#exit
ikev2-ikesa transform-set ike-ts-1
#exit
crypto template ipv4 ikev2-dynamic
ipsec transform-set ipsec-ts-1
#exit
ikev2-ikesa transform-set ike-ts-1
#exit
crypto template ipv4 ikev2-dynamic
authentication local pre-shared-key encrypted key <unique_encrypted_key>
authentication remote pre-shared-key encrypted key <unique_encrypted_key>
max-childsa 5 overload-action ignore
ikev2-ikesa transform-set list ike-ts-1
ikev2-ikesa rekey
payload ipv4 match childsa match ipv4
authentication remote pre-shared-key encrypted key <unique_encrypted_key>
max-childsa 5 overload-action ignore
ikev2-ikesa transform-set list ike-ts-1
ikev2-ikesa rekey
payload ipv4 match childsa match ipv4
ip-address-alloc dynamic
ipsec transform-set list ipsec-ts-1
rekey keepalive
ipsec transform-set list ipsec-ts-1
rekey keepalive
#exit
SecGW Administration Guide, StarOS Release 19
149
Sample L3 Interchassis HA Configuration
SecGW VM Configuration - Backup ASR 9000 Chassis