Cisco Cisco Packet Data Gateway (PDG)
Configuring the Evolved Packet Data Gateway
▀ Configuring the System to Perform as an Evolved Packet Data Gateway
▄ ePDG Administration Guide, StarOS Release 17
94
logging filter active facility epdg level <critical/error>
logging filter active facility aaamgr level<critical/error>
logging filter active facility diameter level<critical/error>
logging filter active facility egtpc level<critical/error>
logging filter active facility egtpmgr level<critical/error>
logging filter active facility gtpumgr level<critical/error>
logging filter active facility diameter-auth level<critical/error>
logging active
end
Non UICC device support for certificate and multi authentication configuration
List of authentication methods are defined and associated in Crypto Template. The basic sample configuration required
for OCSP and Certificate based authentication is as follows. For backward compatibility, the configuration for auth
method inside Crypto Template will be working.
for OCSP and Certificate based authentication is as follows. For backward compatibility, the configuration for auth
method inside Crypto Template will be working.
The following are the configuration considerations:
1. At max three sets of authentication methods in list can be associated.
2. Each set has only one local and one remote authentication method configuration.
3. The existing configuration inside the Crypto Template takes precedence over the new auth-method-set defined in
2. Each set has only one local and one remote authentication method configuration.
3. The existing configuration inside the Crypto Template takes precedence over the new auth-method-set defined in
case same auth method is configured at both places.
configure
#CA Certificate for device certificate authentication:
ca-certificate name <ca-name> pem url file: <ca certificate path>
#ePDG Certificate:
ca-certificate name <epdg-name> pem url file: <epdg certificate path> private-key pem
url file:<epdg private key path>
url file:<epdg private key path>
eap-profile <profile name>
mode authenticator-pass-through
#exit
ikev2-ikesa auth-method-set <list-name-1>
authentication remote certificate
authentication local certificate
#exit