Cisco Packet Data Gateway (PDG)
IPSec Network Applications
IPSec for Femto-UMTS Networks
IPSec Reference, StarOS Release 17
x.509 Certificate Configuration
Use the following example to configure the x.509 certificates on the system to provide security certification between
the FAP and the SeGW in a Femto-UMTS network.
configure
certificate name x.509_cert_name pem { data pem_data_string | url pem_data_url } private-key pem { [encrypted] data PKI_pem_data_string | url PKI_pem_data_url }
ca-certificate name ca_root_cert_name pem { data pem_data_string | url pem_data_url }
exit
crypto template segw_crypto_template ikev2-dynamic
authentication local certificate
authentication remote certificate
keepalive interval dur timeout dur_timeout
certificate x.509_cert_name
ca-certificate list ca-cert-name ca_root_cert_name
payload crypto_payload_name match childsa [match {ipv4 | ipv6}]
ip-address-alloc dynamic
ipsec transform-set list ipsec_trans_set
end
configure
context vpn_ctxt_name
subscriber default
ip context-name vpn_ctxt_name
ip address pool name ip_pool_name
end
Notes:
vpn_ctxt_name is the name of the source context in which the HNB-GW service is configured.
x.509_cert_name is the name of the x.509 certificate in which the PEM data pem_data_string and the PKI
PKI_pem_data_string are configured.
ca_root_cert_name is the name of the CA root certificate in which the PEM data pem_data_string is configured for the CPE.
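
The cross-references in the example above (the template's certificate and ca-certificate list entries must name certificates that are actually defined, and both authentication directions must be certificate) can be checked before a configuration is applied. The following Python check is an added example, not part of the Cisco guide. The function name, the sample names and the /flash/ URLs are assumptions, and the parser only handles configuration written in the flat form shown on this page.

```python
import re

# Constructed sample in the form of the example above; every name and
# /flash/ URL is a made-up placeholder, not a value from the Cisco guide.
SAMPLE_CONFIG = """\
configure
certificate name segw_cert pem url /flash/segw_cert.pem private-key pem url /flash/segw_key.pem
ca-certificate name femto_root pem url /flash/femto_root.pem
exit
crypto template segw_crypto_template ikev2-dynamic
authentication local certificate
authentication remote certificate
certificate segw_cert
ca-certificate list ca-cert-name femto_root
end
"""

def audit_crypto_templates(config_text):
    """Return findings for crypto templates whose certificate setup is incomplete."""
    certs, ca_certs, templates, current = set(), set(), {}, None
    for line in map(str.strip, config_text.splitlines()):
        if m := re.match(r"certificate name (\S+)", line):
            certs.add(m.group(1))
        elif m := re.match(r"ca-certificate name (\S+)", line):
            ca_certs.add(m.group(1))
        elif m := re.match(r"crypto template (\S+)", line):
            current = templates.setdefault(m.group(1), {"auth": {}, "cert": None, "cas": []})
        elif line == "end":  # assumption: "end" closes the template block
            current = None
        elif current is not None:
            if m := re.match(r"authentication (local|remote) (\S+)", line):
                current["auth"][m.group(1)] = m.group(2)
            elif m := re.match(r"certificate (\S+)$", line):
                current["cert"] = m.group(1)
            elif m := re.match(r"ca-certificate list (.+)", line):  # keyword may repeat per name
                current["cas"] = [t for t in m.group(1).split() if t != "ca-cert-name"]
    findings = []
    for name, t in templates.items():
        for side in ("local", "remote"):
            if t["auth"].get(side) != "certificate":
                findings.append(f"{name}: authentication {side} is not 'certificate'")
        if t["cert"] is None:
            findings.append(f"{name}: no certificate bound")
        elif t["cert"] not in certs:
            findings.append(f"{name}: certificate '{t['cert']}' is not defined")
        if not t["cas"]:
            findings.append(f"{name}: no ca-certificate list")
        findings += [f"{name}: ca-certificate '{ca}' is not defined" for ca in t["cas"] if ca not in ca_certs]
    return findings
```

Calling audit_crypto_templates(SAMPLE_CONFIG) returns an empty list; removing a line or misspelling a certificate name in the template yields one finding per problem.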