Cisco Cisco Packet Data Interworking Function (PDIF)
Redundant IPSec Tunnel Fail-over
Redundant IPSec Tunnel Fail-over (IKEv1) ▀
IPSec Reference, StarOS Release 17 ▄
103
Redundant IPSec Tunnel Fail-over Configuration
This section provides information and instructions for configuring the Redundant IPSec Tunnel Fail-over feature. These
instructions assume that the system was previously configured to support subscriber data sessions either as a core
service or an HA.
instructions assume that the system was previously configured to support subscriber data sessions either as a core
service or an HA.
Important:
Parameters configured using this procedure must be configured in the same StarOS context.
Important:
StarOS supports a maximum of 32 crypto groups per context. However, configuring crypto groups to
use the same loopback interface for secondary IPSec tunnels is not recommended and may compromise redundancy on
the chassis.
the chassis.
Important:
This section provides the minimum instruction set for configuring crypto groups on the system. For
more information on commands that configure additional parameters and options, refer Command Line Interface
Reference.
Reference.
To configure the Crypto group to support IPSec:
Step 1
Step 2
Configure one or more ISAKMP policies according to the instructions provided in the ISAKMP Policy Configuration
chapter of this guide.
chapter of this guide.
Step 3
Step 4
Configure an ISAKMP crypto map for the primary and secondary tunnel according to the instructions provided in the
ISAKMP Crypto Map Configuration section of the Crypto Maps chapter of this guide.
ISAKMP Crypto Map Configuration section of the Crypto Maps chapter of this guide.
Step 5
Step 6
Step 7
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode
command save configuration. For additional information on how to verify and save configuration files, refer to the
System Administration Guide and the Command Line Interface Reference.
command save configuration. For additional information on how to verify and save configuration files, refer to the
System Administration Guide and the Command Line Interface Reference.