Cisco Cisco Packet Data Gateway (PDG)
PSF Changes in Release 17
PSF Enhancements for 17.0 ▀
Release Change Reference, StarOS Release 17 ▄
407
PSF Enhancements for 17.0
This section identifies all of the PSF enhancements included in this release:
Feature Changes - new or modified features or behavior changes. For details, refer to the PSF Administration Guide
for this release.
for this release.
Command Changes - changes to any of the CLI command syntax. For details, refer to the Command Line Interface
Reference for this release.
Reference for this release.
Performance Indicator Changes - new, modified, and deprecated bulk statistics, disconnect reasons, counters and/or
fields in new or modified schema and/or show command output. For details, refer to the Statistics and Counters
Reference for this release.
fields in new or modified schema and/or show command output. For details, refer to the Statistics and Counters
Reference for this release.
CSCuc83562 - [SFW] Need a way to make PPTP work without PPTP Analyser
Applicable Products: GGSN, HA, IPSG, PDSN, P-GW
Feature Changes
PPTP Traffic
When NAT is disabled, there is no need for a PPTP analyzer to be configured. Since PPTP analyzer tagged GRE flows
as 5-tuple, GRE flows were not passed through ASR5x00. As part of this enhancement, a rule is configured to allow all
GRE traffic using ruledefs. Hence, while NAT is disabled and PPTP analyzer is not configured, GRE flows will be
tagged as 3-tuple and flows will not be dropped. PPTP analyzer is a must for PPTP to work with NAT.
as 5-tuple, GRE flows were not passed through ASR5x00. As part of this enhancement, a rule is configured to allow all
GRE traffic using ruledefs. Hence, while NAT is disabled and PPTP analyzer is not configured, GRE flows will be
tagged as 3-tuple and flows will not be dropped. PPTP analyzer is a must for PPTP to work with NAT.
Backward compatibility is provided in this release to tag GRE flows as 5-tuple when PPTP analyzer is present, and must
be tagged as 3-tuple in the absence of PPTP analyzer.
be tagged as 3-tuple in the absence of PPTP analyzer.
Customer Impact: The user can allow PPTP traffic without performing DPI.
CSCue68175, CSCua99869 - Firewall changes for Radius policy support in Gx
Applicable Products: GGSN, HA, IPSG, PDSN, P-GW
Feature Changes
Firewall Policy via Gx
Previous Behavior: Firewall Policy via RADIUS and Gy is supported at call setup and also during mid-session.
New Behavior: Support for Firewall Policy via Gx is provided in this release. Recovery and ICSR is also supported for
the new policy being received via Gx. Firewall-and-NAT Policy can be applied at the initial call setup and also during
mid-session policy updates/changes.
the new policy being received via Gx. Firewall-and-NAT Policy can be applied at the initial call setup and also during
mid-session policy updates/changes.
The Diameter AVP "SN-Firewall-Policy" has been added to the Diameter dynamic dictionary to support Firewall policy
on Gx interface. This AVP can be encoded in CCA-I message to apply/overwrite the Firewall-and-NAT policy that has
either been statically assigned to the PDP context via APN configuration or dynamically assigned via RADIUS in
on Gx interface. This AVP can be encoded in CCA-I message to apply/overwrite the Firewall-and-NAT policy that has
either been statically assigned to the PDP context via APN configuration or dynamically assigned via RADIUS in