Cisco Cisco Packet Data Gateway (PDG)
HNB-GW Service Configuration Procedures
HNB-GW Service Configuration ▀
HNB-GW Administration Guide, StarOS Release 17 ▄
105
ca-certificate name <ca_root_cert_name> pem { data <pem_data_string> | url
<pem_data_url>}
<pem_data_url>}
exit
crypto template <segw_crypto_template> ikev2-dynamic
authentication local certificate
authentication remote certificate
keepalive interval <dur> timeout <dur_timeout>
certificate <x.509_cert_name>
ca-certificate list ca-cert-name <ca_root_cert_name>
payload <crypto_payload_name> match childsa [match {ipv4 | ipv6}]
ip-address-alloc dynamic
ipsec transform-setlist <ipsec_trans_set>
end
configure
context <vpn_ctxt_name>
subscriber default
ip context-name <vpn_ctxt_name>
ip address pool name <ip_pool_name>
end
Notes:
<
vpn_ctxt_name
> is name of the source context in which HNB-GW service is configured.
<
x.509_cert_name
> is name of the x.509 certificate where PEM data <
pem_data_string
> and PKI
<
PKI_pem_data_string
> is configured.
<
ca_root_cert_name
> is name of the CA root certificate where PEM data <
pem_data_string
> is
configured for CPE.
Security Gateway and Crypto map Template Configuration
Use the following example to configure the IPsec profile and Crypto map template enabling SeGW on HNB-GW for
IPsec tunneling.
IPsec tunneling.
configure
context <vpn_ctxt_name>