Cisco Cisco Packet Data Gateway (PDG)
Sample L2 Intrachassis HA Configuration
▀ WSG Configuration VM-2 (StarOS)
▄ SecGW Administration Guide, StarOS Release 18
90
WSG Configuration VM-2 (StarOS)
Notes:
Configure a ConnectedApps (oneP) interface in the local context for StarOS VM-2.
Configure a “wsg” context with an ACL, IPSec transform set and crypto template.
Configure clear traffic, srpa and srvip loopback interfaces with srp-activate.
Set aaa group and subscriber to default.
Configure wsg-service “abc”. Bind to crypto template with site-to-site deployment mode and IP access group
“one”.
Configure IP routes for IKE and clear traffic (IP addresses unique to VM-2).
Configure RRI route to network mode (IP address unique to VM-2).
Configure “srp” context with service-redundancy-protocol enabled (peer-ip-address and bind address reversed
from VSM-1).
Configure interface “icsr” with an IP route (IP address unique to VM-2).
Configure oneP/ConnectedApps session (sess-ip-address unique to VM-2). [TLS protocol]
Set wsg-lookup priorities.
Configure ethernet ports 1/10 (IKE), 1/11 (clear traffic) and 1/12 (ICSR-SRP).
Important:
The session name specified in the configuration on both the active and standby SecGW must be the
same.
config
context local
interface CA
ip address 192.168.122.15 255.255.255.0
exit
subscriber default
exit
administrator cisco encrypted password <encrypted_password>
aaa group default
exit
exit
port ethernet 1/1