for Cisco Packet Data Gateway (PDG)
SecGW Service Creation
WSG Service Configuration
SecGW Administration Guide, StarOS Release 17
Pre-fragment MTU
You can specify the Maximum Transmission Unit (MTU) size (576–2048 bytes, default = 1400). Clear packets that exceed
this size undergo pre-tunnel (before encryption) fragmentation within this WSG service.
In the WSG Configuration mode, the following command specifies the pre-fragment MTU:
pre_fragment mtu size
Pre-Tunnel-Fragmentation improves packet processing performance as compared to post-tunnel-fragmentation.
If a clear IPv4 packet is longer than the predefined MTU size, it will be fragmented before the packet is encrypted and
transmitted to the Internet.
If a clear IPv6 packet is longer than the predefined MTU size, it is dropped and an ICMP packet with the maximum
length is sent back to the source. The source will then fragment the IPv6 packet and retransmit.
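The IPv4 and IPv6 handling described above, modelled in Python as an added example (not Cisco code and not output from a StarOS device). It assumes a 20-byte IPv4 header without options, does not model the DF bit, and represents the ICMP reply as an ICMPv6 Packet Too Big message; all function and field names are hypothetical.

```python
# Added illustration of the behaviour described above; not StarOS code.
from dataclasses import dataclass

MTU_MIN, MTU_MAX, MTU_DEFAULT = 576, 2048, 1400  # range and default from the guide
IPV4_HEADER = 20  # assumption: IPv4 header without options


@dataclass
class Fragment:
    offset_units: int      # IPv4 fragment offset field, counted in 8-byte units
    payload_len: int       # bytes of payload carried by this fragment
    more_fragments: bool   # MF flag: set on every fragment except the last


def validate_mtu(size: int) -> int:
    """Reject values outside the configurable pre-fragment MTU range."""
    if not MTU_MIN <= size <= MTU_MAX:
        raise ValueError(f"pre-fragment MTU must be {MTU_MIN}-{MTU_MAX}, got {size}")
    return size


def pre_fragment(ip_version: int, total_len: int, mtu: int = MTU_DEFAULT):
    """Decide what happens to a clear packet before it is encrypted."""
    mtu = validate_mtu(mtu)
    if ip_version not in (4, 6):
        raise ValueError("ip_version must be 4 or 6")
    if total_len <= mtu:
        return "forward", []
    if ip_version == 6:
        # Dropped; the source is told the usable size and must fragment itself.
        # Assumption: the reply is ICMPv6 Packet Too Big (type 2) carrying the MTU.
        return "drop", {"icmpv6_type": 2, "mtu": mtu}
    payload = total_len - IPV4_HEADER
    # All fragments but the last must carry a multiple of 8 payload bytes.
    per_fragment = (mtu - IPV4_HEADER) // 8 * 8
    fragments, offset = [], 0
    while offset < payload:
        size = min(per_fragment, payload - offset)
        fragments.append(Fragment(offset // 8, size, offset + size < payload))
        offset += size
    return "fragment", fragments


if __name__ == "__main__":
    # Constructed sample packets: (IP version, total length in bytes)
    for version, length in [(4, 1200), (4, 3000), (6, 1500)]:
        print(version, length, pre_fragment(version, length))
```

With the default MTU of 1400, each non-final IPv4 fragment carries 1376 payload bytes rather than 1380, because fragment offsets are expressed in 8-byte units.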
Responder Mode Duration
Use this command to specify the interval during which the WSG service (SecGW) will wait for a response from an IKE
peer before switching to initiator mode (default is 10 seconds). This command is only available when a peer-list has
been configured for the WSG service. See the IPSec Reference for additional information on configuring an SecGW as
an IKE initiator.
IP Address Allocation Method
The default method for IPv4 address allocation is from a local pool. You also have the option of specifying a DHCPv4
proxy server.
The wsg-service configuration command sequence for changing to a DHCPv4 server is:
configure
context ctx_name
wsg-service service_name
ip address alloc-method dhcp-proxy
To specify the DHCP service to use when the alloc-method is dhcp-proxy, the wsg-service configuration command
sequence is:
dhcp context-name context_name
dhcp service-name service_name
You must specify the context in which the DHCP service is configured, as well as the name of the DHCP service. Only
one DHCPv4 service can be configured.
You must restart the WSG service for this setting to be effective. You restart the service by unbinding and binding the
IP address to the service context.
A sample configuration sequence follows below.