Cisco Cisco Packet Data Gateway (PDG)
Sample L2 Interchassis HA Configuration
SecGW VM Configuration (StarOS) ▀
SecGW Administration Guide, StarOS Release 17 ▄
123
interface ike-loop-v6 loopback
ipv6 address <wsg_interface_ike-loop_IPv6-address/mask> srp-activate
#exit
interface ike-loop1 loopback
ip address <wsg_interface_ike-loop1_IPv4-address_mask> srp-activate
#exit
subscriber default
exit
aaa group default
#exit
wsg-service ipv4
deployment-mode site-to-site
ip access-group acl1
bind address <wsg-service_bind_IPv4-address> crypto-template foo
#exit
wsg-service ipv6
deployment-mode site-to-site
ipv6 access-group acl1
bind address <wsg-service_bind_IPv6-address_per_CPU-VM> crypto-template
foo-1
#exit
ip route <wsg_iproute_clear_IPv4-address_mask> <wsg_iproute_clear__IPv4-
address> clear
ip route <wsg_iproute_ike1_IPv4-address mask> <wsg_iproute_ike1_IPv4-address>
ike
ip route <wsg_iproute_ike2_IPv4-address mask> <wsg_iproute_ike2_IPv4-address>
ike
ip route <wsg_iproute_ike3_IPv4-address mask> <wsg_iproute_ike3_IPv4-address>
ike
ipv6 route <wsg_iproute_clear_IPv6-address/mask>
<wsg_iproute_clear_nexthop_IPv6-address> interface clear
ipv6 route <wsg_iroute_ike1_IPv6-address/mask>
<wsg_iproute_ike1_nexthop_IPv6-address> interface ike
ipv6 route <wsg_iproute_ike2_IPv6-address/mask>
<wsg_iproute_ike2_nexthop_IPv6-address> interface ike
ipv6 route <wsg_iproute_ike3_IPv6-address/mask>
<wsg_iproute_ike3_nexthop_IPv6-address> interface ike
ip rri next-hop <wsg_rri_nexthop_IPv4-address> interface clear
ipv6 rri next-hop <wsg_rri_nexthop_IPv6-address> interface clear
#exit
context srp
no ip guarantee framed-route local-switching
service-redundancy-protocol
chassis-mode primary
hello-interval 3
configuration-interval 60
dead-interval 15
checkpoint session duration non-ims-session 30
route-modifier threshold 10
priority 10
monitor hsrp interface GigabitEthernet0/0/0/18.<srp_monitor_hsrp_vlan_ID>
afi-type IPv4 hsrp-group <srp_hsrp-group_number>
ipv6 address <wsg_interface_ike-loop_IPv6-address/mask> srp-activate
#exit
interface ike-loop1 loopback
ip address <wsg_interface_ike-loop1_IPv4-address_mask> srp-activate
#exit
subscriber default
exit
aaa group default
#exit
wsg-service ipv4
deployment-mode site-to-site
ip access-group acl1
bind address <wsg-service_bind_IPv4-address> crypto-template foo
#exit
wsg-service ipv6
deployment-mode site-to-site
ipv6 access-group acl1
bind address <wsg-service_bind_IPv6-address_per_CPU-VM> crypto-template
foo-1
#exit
ip route <wsg_iproute_clear_IPv4-address_mask> <wsg_iproute_clear__IPv4-
address> clear
ip route <wsg_iproute_ike1_IPv4-address mask> <wsg_iproute_ike1_IPv4-address>
ike
ip route <wsg_iproute_ike2_IPv4-address mask> <wsg_iproute_ike2_IPv4-address>
ike
ip route <wsg_iproute_ike3_IPv4-address mask> <wsg_iproute_ike3_IPv4-address>
ike
ipv6 route <wsg_iproute_clear_IPv6-address/mask>
<wsg_iproute_clear_nexthop_IPv6-address> interface clear
ipv6 route <wsg_iroute_ike1_IPv6-address/mask>
<wsg_iproute_ike1_nexthop_IPv6-address> interface ike
ipv6 route <wsg_iproute_ike2_IPv6-address/mask>
<wsg_iproute_ike2_nexthop_IPv6-address> interface ike
ipv6 route <wsg_iproute_ike3_IPv6-address/mask>
<wsg_iproute_ike3_nexthop_IPv6-address> interface ike
ip rri next-hop <wsg_rri_nexthop_IPv4-address> interface clear
ipv6 rri next-hop <wsg_rri_nexthop_IPv6-address> interface clear
#exit
context srp
no ip guarantee framed-route local-switching
service-redundancy-protocol
chassis-mode primary
hello-interval 3
configuration-interval 60
dead-interval 15
checkpoint session duration non-ims-session 30
route-modifier threshold 10
priority 10
monitor hsrp interface GigabitEthernet0/0/0/18.<srp_monitor_hsrp_vlan_ID>
afi-type IPv4 hsrp-group <srp_hsrp-group_number>