Cisco Cisco Packet Data Gateway (PDG)

 

This section describes some of the security features associated with the provisioning of Lawful Intercept (LI). For 
additional information, refer to the Lawful Intercept Configuration Guide. 

An external authenticating agent (such as RADIUS or Diameter) sends a list of LI server addresses as part of access-
accept. For any intercept that was already installed or will be installed for that subscriber, a security check is performed 
to match the LI server address with any of the LI-addresses that were received from the authenticating agent. Only those 
addresses that pass this criteria will get the intercepted information for that subscriber. 

While configuring a campon trigger, the user will not be required to enter the destination LI server addresses. When a 
matching call for that campon trigger is detected, a security check is done with the list received from the authentication 
agent. The LI-related information is only forwarded if a matching address is found. 

When an active-only intercept is configured, if a matching call is found, a security check is made for the LI address 
received from the authentication agent and the intercept configuration will be rejected. 

If no information related to LI server addresses is received for that subscriber, LI server addresses will not be restricted. 

  A maximum of five LI server addresses are supported via an authenticating agent. 

One LI administrator can access and/or modify the intercepts created by another LI administrator. Whenever an 
intercept is added, removed or modified, an event log is displayed across LI administrators about the change. An SNMP 
trap is also generated.