для Cisco Cisco Packet Data Gateway (PDG)
• Duplicate Session Detection
• Extended Sequence Number
• Security Gateway as IKE Initiator
• Support to provide DNS server address to the Peer
Reverse Route Injection
SecGW also supports Reverse Route Injection (RRI). RRI injects routes in the reverse direction onto the ASR
9000 VSM so that clear traffic can be routed to the correct interface on the target VPC-VSM. For additional
information, see the Reverse Route Injection chapter.
9000 VSM so that clear traffic can be routed to the correct interface on the target VPC-VSM. For additional
information, see the Reverse Route Injection chapter.
SecGW Management
Each SecGW instance is configured individually via its Management port. However, the Cisco Prime network
management tool can be used to configure and manage individual SecGW instances.
management tool can be used to configure and manage individual SecGW instances.
A common or default configurations can be captured as "templates" in Cisco Prime which are then applied
to each SecGW instance or all SecGW instances in the network.
to each SecGW instance or all SecGW instances in the network.
For additional information on the Cisco Prime Mobility suite, contact your Cisco account representative.
Alternatively an operator can create a StarOS configuration file on the first gateway. The resulting configuration
file can then be copied and edited offline with different parameters. The edited configuration file is then copied
to the flash drive of the second SecGW. The process is repeated until all four SecGWs have been initially
configured.
file can then be copied and edited offline with different parameters. The edited configuration file is then copied
to the flash drive of the second SecGW. The process is repeated until all four SecGWs have been initially
configured.
Subsequent changes made to the configuration of each SecGW must be saved to the local configuration file.
For security and recovery the individual configuration files should then be saved off the VMS to a target
network destination.
For security and recovery the individual configuration files should then be saved off the VMS to a target
network destination.
For additional information, see the VPC-VSM System Administration Guide.
oneP Communication
Each SecGW creates a oneP session with the ASR 9000 for route insertions, policy creation and flow creation.
For additional information, refer to the oneP Communication chapter.
For additional information, refer to the oneP Communication chapter.
ASR 9000 VSM IPSec High Availability
This section briefly describes the IPSec High Availability (HA) capabilities for VSM service cards within an
ASR 9000.
ASR 9000.
For this release the ASR 9000 supports the following levels of High Availability
•
Process Recovery, on page 9
•
VSM-to-VSM ICSR 1:1 Redundancy, on page 9
•
Chassis-to-Chassis ICSR Redundancy, on page 10
SecGW Administration Guide, StarOS Release 19
8
Security Gateway Overview
oneP Communication