Cisco Cisco Packet Data Gateway (PDG) Guia De Resolução De Problemas
IP Security
▀ FA Services Configuration to Support IPSec
▄ Cisco ASR 5000 Series Enhanced Feature Configuration Guide
OL-22982-01
For maximum security, the default crypto map should be configured in addition to peer-ha crypto maps instead
of being used to provide IPSec SAs to all HAs. Note that once an IPSec tunnel is established between the FA
and HA for a particular subscriber, all new Mobile IP sessions using the same FA and HA are passed over the
tunnel regardless of whether or not IPSec is supported for the new subscriber sessions. Data for existing
Mobile IP sessions is unaffected.
and HA for a particular subscriber, all new Mobile IP sessions using the same FA and HA are passed over the
tunnel regardless of whether or not IPSec is supported for the new subscriber sessions. Data for existing
Mobile IP sessions is unaffected.
Verifying the FA Service Configuration with IPSec
These instructions are used to verify the FA service to support IPSec.
Step 1
Verify that your FA service is configured properly with IPSec by entering the following command in Exec Mode in
specific context:
specific context:
The output of this command is a concise listing of FA service parameter settings configured on the system.