Cisco Cisco Packet Data Gateway (PDG)
Sample L2 Interchassis HA Configuration
▀ SecGW VM Configuration (StarOS)
▄ SecGW Administration Guide, StarOS Release 18
146
SecGW VM Configuration (StarOS)
Important:
Each SecGW (CPU-VM complex) must be separately configured as described below for
corresponding VSMs in both the primary and backup ASR 9000 chassis. There are four CPU-VM complexes per ASR
9000 VSM.
9000 VSM.
The unique parameters for each CPU-VM complex must correspond with interface settings configured for the primary
and backup ASR 9000 chassis.
and backup ASR 9000 chassis.
Notes:
Enable hidden CLI test-commands.
Install SecGW License.
Assign unique host name per CPU-VM complex.
Set crash log size to 2048 with compression.
Require Session Recovery.
Create local context with unique parameters per CPU-VM complex.
Enable wsg-service with unique parameters per CPU-VM complex.
Create SRP context with unique parameters per CPU-VM complex.
Enable Connected Apps session with unique password and session name per CPU-VM complex.
Set wsg-lookup priorities.
Appropriately configure ethernet ports with unique parameters per CPU-VM complex. Refer to the tables below
for mapping of sample IP addresses for each SecGW.
Table 5. StarOS IP Address Mapping - SecGW1
Variable
Primary ASR 9000
Backup ASR 9000
<interfsace_LOCAL1_IPv4-address>
100.100.100.1 255.255.255.0
192.168.122.15 255.255.255.0
<iproute_:LOCAL1_IPv4-address_mask>
0.0.0.0 0.0.0.0 100.100.100.10
0.0.0.0 0.0.0.0 192.168.122.2
<wsg_acl1_permit_IPv4-address_mask>
65.65.0.0 0.0.255.255
45.45.0.0 0.0.255.255
45.45.0.0 0.0.255.255
65.65.0.0 0.0.255.255
45.45.0.0 0.0.255.255
45.45.0.0 0.0.255.255
<wsg_acl1_permit_IPv6-address/mask>
2065:: ::ffff:ffff:ffff:ffff
2045:: ::ffff:ffff:ffff:ffff
2045:: ::ffff:ffff:ffff:ffff
2065:: ::ffff:ffff:ffff:ffff
2045:: ::ffff:ffff:ffff:ffff
2045:: ::ffff:ffff:ffff:ffff
<wsg_pool1_IPv4-address>
45.45.0.1
45.45.58.254
45.45.58.254
45.45.0.1
45.45.58.254
45.45.58.254
<wsg_pool1_IPv6-address/mask>
2045::/56
2045::/56
<crypto_foo_local_IPv4-addrress>
35.35.35.35
35.35.35.35
<crypto_foo-1_local_IPv6-addrress>
2035::35
2035::35
<wsg_interface_clear_IPv4-address_mask>
51.51.51.11 255.255.255.0
61.61.61.11 255.255.255.0