Cisco Cisco Packet Data Gateway (PDG)
HNB-GW Service Configuration Procedures
HNB-GW Service Configuration ▀
HNB-GW Administration Guide, StarOS Release 16 ▄
101
path-failure detection-policy gtp echo
end
Notes:
<
dest_ctxt_name
> is name of the destination context in which GTP-U service configured to provide GTP-U
tunnel over IuPS interface towards core network.
<
gtpu_ps_svc_name
> is name of the GTP-U service configured to provide GTP-U tunnel over IuPS interface
towards core network.
<
vpn_ctxt_name
> is name of the source context in which HNB-GW service is to be configured. The same
context must be used for GTP-U service configuration to provide GTP-U tunnel over Iuh interface towards
HNB.
HNB.
<
gtpu_iuh_svc_name
> is name of the GTP-U service configured to provide GTP-U tunnel over Iuh interface
towards HNB.
x.509 Certificate Configuration
Use the following example to configure the x.509 certificates on the system to provide security certification between
FAP and SeGW on HNB-GW.
FAP and SeGW on HNB-GW.
configure
certificate name <x.509_cert_name> pem { data <pem_data_string> | url <pem_data_url>}
private-key pem { [encrypted] data <PKI_pem_data_string> | url <PKI_pem_data_url>}
private-key pem { [encrypted] data <PKI_pem_data_string> | url <PKI_pem_data_url>}
ca-certificate name <ca_root_cert_name> pem { data <pem_data_string> | url
<pem_data_url>}
<pem_data_url>}
exit
crypto template <segw_crypto_template> ikev2-dynamic
authentication local certificate
authentication remote certificate
keepalive interval <dur> timeout <dur_timeout>
certificate <x.509_cert_name>
ca-certificate list ca-cert-name <ca_root_cert_name>
payload <crypto_payload_name> match childsa [match {ipv4 | ipv6}]
ip-address-alloc dynamic
ipsec transform-setlist <ipsec_trans_set>
end
configure