Cisco Packet Data Gateway (PDG)
Sample L2 Intrachassis HA Configuration
SecGW Administration Guide, StarOS Release 17
WSG Configuration VM-2 (StarOS)
Notes:
Configure a ConnectedApps (oneP) interface in the local context for StarOS VM-2.
Configure a “wsg” context with an ACL, IPSec transform set and crypto template.
Configure clear traffic, srpa and srvip loopback interfaces with srp-activate.
Set aaa group and subscriber to default.
Configure wsg-service “abc”. Bind to crypto template with site-to-site deployment mode and IP access group “one”.
Configure IP routes for IKE and clear traffic (IP addresses unique to VM-2).
Configure RRI route to network mode (IP address unique to VM-2).
Configure “srp” context with service-redundancy-protocol enabled (peer-ip-address and bind address reversed from VSM-1).
Configure interface “icsr” with an IP route (IP address unique to VM-2).
Configure oneP/ConnectedApps session (sess-ip-address unique to VM-2). [TLS protocol]
Set wsg-lookup priorities.
Configure ethernet ports 1/10 (IKE), 1/11 (clear traffic) and 1/12 (ICSR-SRP).
Important:
The session name specified in the configuration on both the active and standby SecGW must be the same.
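A check for the pairing rules in the notes above (same session name on both SecGWs, srp peer-ip-address and bind address reversed, sess-ip-address unique per VM), added here as an example and not taken from the Cisco guide. The two excerpts are constructed; the addresses, the session name and the `sess-name` keyword are assumptions not shown on this page.

```python
import re

# Constructed excerpts (not from the guide): only the lines the check reads.
# Addresses, session name and the "sess-name" keyword are assumptions.
VM1 = """
context srp
  service-redundancy-protocol
    peer-ip-address 198.51.100.2
    bind address 198.51.100.1
connectedapps
  sess-name secgw-ha
  sess-ip-address 192.0.2.1
"""
VM2 = """
context srp
  service-redundancy-protocol
    peer-ip-address 198.51.100.1
    bind address 198.51.100.2
connectedapps
  sess-name secgw-ha
  sess-ip-address 192.0.2.2
"""
KEYS = ("peer-ip-address", "bind address", "sess-name", "sess-ip-address")

def extract(cfg):
    """Return {keyword: value} for the HA-relevant lines; last one wins."""
    found = {}
    for line in cfg.splitlines():
        for key in KEYS:
            m = re.fullmatch(re.escape(key) + r"\s+(\S+)", line.strip())
            if m:
                found[key] = m.group(1)
    return found

def ha_pair_errors(cfg_a, cfg_b):
    """List violations of the pairing rules stated in the notes."""
    a, b = extract(cfg_a), extract(cfg_b)
    errors = [f"missing: {k}" for k in KEYS if k not in a or k not in b]
    if errors:
        return errors
    if a["sess-name"] != b["sess-name"]:
        errors.append("session name differs between active and standby")
    mirrored = (b["bind address"], b["peer-ip-address"])
    if (a["peer-ip-address"], a["bind address"]) != mirrored:
        errors.append("srp peer-ip-address/bind address are not mirrored")
    if a["sess-ip-address"] == b["sess-ip-address"]:
        errors.append("sess-ip-address must be unique per VM")
    return errors
```

`ha_pair_errors(VM1, VM2)` returns an empty list for a consistent pair; running it on the two saved configurations before activating SRP catches a mismatched session name or an unreversed peer/bind pair.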
config
  context local
    interface CA
      ip address 192.168.122.15 255.255.255.0
    exit
    subscriber default
    exit
    administrator cisco encrypted password <encrypted_password>
    aaa group default
    exit
  exit
  port ethernet 1/1
    no shutdown
    bind interface CA local
  exit
  context wsg
    ip access-list one
      permit ip 66.66.0.0 0.0.255.255 45.45.0.0 0.0.255.255 protocol 255
    exit
    ipsec transform-set tselsa-foo
    exit