For Cisco Packet Data Gateway (PDG)
SecGW Service Creation
WSG Service Configuration
SecGW Administration Guide, StarOS Release 17
configure
  context wsg
    wsg-service abc
      deployment-mode remote-access
      ip address alloc-method dhcp-proxy
      dhcp service-name d1v4
      dhcp context-name dhcp
      bind address 32.32.32.30 crypto-template foo
    exit
StarOS defaults to client-id none. Currently the wsg-service only supports client-identifier ike-id, which must be set in
the dhcp-service used by the wsg-service. See the sample configuration below.
configure
  context dhcp
    dhcp-service d1v4
      dhcp client-identifier ike-id
      dhcp server 22.22.22.1
      lease-time 1200
      lease-duration min 900 max 10800
      dhcp server selection-algorithm use-all
      bind address 35.35.35.30
    exit
Important:
StarOS limits the length of the IKE-ID to 128 bytes. If the IKE-ID is DER encoded, the encoded
IKE-ID must be within this limit.
Important:
If a DER encoded IKE-ID contains a common name, the common name is sent as the client-id. The
common name is limited to 64 characters to comply with the X.509 ASN.1 specification.
StarOS also needs an IP pool to set up flows for the range of addresses that may be assigned by the DHCP server.
Without the IP pool definition, the tunnel is set up but does not pass traffic. The IP pool must be defined in either the
WSG or DHCP context. See the sample configuration below.
configure
  context dhcp
    ip pool p1v4 35.35.34.0 255.255.255.0 public 0
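The two dependencies described above (the dhcp-service referenced by the wsg-service must set client-identifier ike-id, and an IP pool must exist in the WSG or DHCP context) can be checked offline before a configuration is loaded. The following Python check is an added example, not part of the Cisco guide or of StarOS; the function names parse and lint, the simplified keyword-based parsing, and the merged sample configuration are assumptions made for illustration.

```python
import re
KEYS = re.compile(r"(ip address alloc-method|dhcp (?:service-name|context-name|client-identifier)) (\S+)")

# Constructed sample: the page's three fragments merged into one config.
SAMPLE = """\
context wsg
  wsg-service abc
    deployment-mode remote-access
    ip address alloc-method dhcp-proxy
    dhcp service-name d1v4
    dhcp context-name dhcp
    bind address 32.32.32.30 crypto-template foo
  exit
context dhcp
  dhcp-service d1v4
    dhcp client-identifier ike-id
  exit
  ip pool p1v4 35.35.34.0 255.255.255.0 public 0
"""

def parse(text):
    # Assumption: flat keyword scan; a "context" line switches the current context.
    svcs, pools, ctx, cur = {}, {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"context (\S+)", line):
            ctx, cur = m[1], None
        elif m := re.fullmatch(r"(wsg|dhcp)-service (\S+)", line):
            cur = svcs.setdefault((m[1], ctx, m[2]), {})
        elif m := re.fullmatch(r"ip pool (\S+) .*", line):
            pools.setdefault(ctx, []).append(m[1])
        elif cur is not None and (m := KEYS.fullmatch(line)):
            cur[m[1]] = m[2]
    return svcs, pools

def lint(text):
    svcs, pools = parse(text)
    out = []
    for (kind, ctx, name), s in svcs.items():
        if kind != "wsg" or s.get("ip address alloc-method") != "dhcp-proxy":
            continue
        dctx, dname = s.get("dhcp context-name"), s.get("dhcp service-name")
        d = svcs.get(("dhcp", dctx, dname))
        if d is None:
            out.append(f"{name}: dhcp-service {dname} not found in context {dctx}")
        elif d.get("dhcp client-identifier") != "ike-id":
            out.append(f"{name}: dhcp-service {dname} needs client-identifier ike-id")
        if not (pools.get(ctx) or pools.get(dctx)):
            out.append(f"{name}: no ip pool in context {ctx} or {dctx}; tunnel will not pass traffic")
    return out
```

An empty list from lint means both dependencies are satisfied; each string in a non-empty list names the wsg-service and the missing piece.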
Characteristics and Limitations
The following factors characterize WSG service configuration:
- A WSG service configuration has precedence over the equivalent configuration in subscriber mode or the
  template payload.
- Any changes made to a WSG service require that the service be restarted to apply any changed parameters. You
  restart the service by unbinding and binding the IP address to the service context.
- Up to 16 named IPv4 pools can be configured. The list is sorted, and the addresses are allocated from the first
  pool in the list with available addresses.
- Multiple IPv6 pools can be configured.