For Cisco Packet Data Gateway (PDG)
SecGW Service Creation
WSG Service Configuration
SecGW Administration Guide, StarOS Release 17
Multiple IPv4 and IPv6 ACLs can be configured.
IPv4 pools are only used for IPv4 calls; IPv6 pools are only used for IPv6 calls.
Lookup Priority
The Wireless Security Gateway Lookup Priority List Configuration Mode is used to set the priority (1–6) of subnet
combinations for site-to-site tunnels.
The following command sequence sets the lookup priority:
config
wsg-lookup
priority priority_level source-netmask subnet_size destination-netmask subnet_size
For the packet lookup to work optimally, the top bits in the negotiated TSi for all the tunnels should be unique. The
number of top bits that must be unique is equal to the lowest “destination-netmask” configured under all lookup priorities.
For example, if the lowest destination-netmask configured under any priority is 16:
priority 1 source-netmask 20 destination-netmask 18
priority 2 source-netmask 22 destination-netmask 16
A valid set of traffic selectors for the configured set of lookup priorities would be:
IPSec Tunnel 1: 10.11.1.0(tsi) - 20.20.1.0(tsr)
IPSec Tunnel 2: 10.10.2.0(tsi) - 20.20.2.0(tsr)
An invalid set of traffic selectors would be:
IPSec Tunnel 1: 10.10.1.0(tsi) - 20.20.1.0(tsr)
IPSec Tunnel 2: 10.10.2.0(tsi) - 20.20.2.0(tsr)
The above set is invalid because the top 16 bits for these two tunnels are not unique: both are 10.10.
The network should be designed to accommodate this requirement.
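The uniqueness rule above can be checked before tunnels are provisioned. The following is an added example, not part of the Cisco guide or StarOS: the function names are hypothetical, and the sample input is constructed from the priority lines and traffic selectors shown above.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input, copied from the examples in this section.
PRIORITIES = """\
priority 1 source-netmask 20 destination-netmask 18
priority 2 source-netmask 22 destination-netmask 16
"""
VALID_TSI = {"Tunnel 1": "10.11.1.0", "Tunnel 2": "10.10.2.0"}
INVALID_TSI = {"Tunnel 1": "10.10.1.0", "Tunnel 2": "10.10.2.0"}

_PRIORITY = re.compile(
    r"priority\s+(\d+)\s+source-netmask\s+(\d+)\s+destination-netmask\s+(\d+)"
)

def required_unique_bits(config_text):
    """Return the lowest destination-netmask configured under any priority."""
    masks = [int(m.group(3)) for m in _PRIORITY.finditer(config_text)]
    if not masks:
        raise ValueError("no lookup priorities found in configuration text")
    return min(masks)

def find_tsi_collisions(config_text, tsi_by_tunnel):
    """Map each shared top-bit prefix to the tunnels whose TSi collide on it."""
    bits = required_unique_bits(config_text)
    groups = defaultdict(list)
    for tunnel, tsi in tsi_by_tunnel.items():
        addr = ipaddress.ip_address(tsi)
        if bits > addr.max_prefixlen:
            raise ValueError(f"{bits} bits exceeds address length of {tsi}")
        # Mask the TSi down to its top `bits` bits (host bits are cleared).
        prefix = ipaddress.ip_network(f"{addr}/{bits}", strict=False)
        groups[str(prefix)].append(tunnel)
    # Only prefixes shared by more than one tunnel violate the rule.
    return {p: names for p, names in groups.items() if len(names) > 1}

if __name__ == "__main__":
    for label, tsis in (("valid set", VALID_TSI), ("invalid set", INVALID_TSI)):
        print(label, find_tsi_collisions(PRIORITIES, tsis) or "no collisions")
```
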
For additional information, see the WSG Lookup Priority List Configuration Mode chapter of the Command Line
Interface Reference.