▀ Configuring Optional Features on the P-GW
Configuring Optional Features on the P-GW
The configuration examples in this section are optional and provided to cover the most common uses of the P-GW in a
live network. The intent of these examples is to provide a base configuration for testing.
The following optional configurations are provided in this section:
Configuring ACL-based Node-to-Node IP Security on the S5 Interface
Configuring APN as Emergency
Configuring Common Gateway Access Support
Configuring Dynamic Node-to-Node IP Security on the S5 Interface
Configuring the GTP Echo Timer
Configuring GTPP Offline Accounting on the P-GW
Configuring Local QoS Policy
Configuring X.509 Certificate-based Peer Authentication
Configuring ACL-based Node-to-Node IP Security on the S5 Interface
The configuration example in this section creates an IKEv2/IPSec ACL-based node-to-node tunnel endpoint on the S5
interface.
Important:
or Support representative for information on how to obtain a license.
The following configuration examples are included in this section:
Creating and Configuring a Crypto Access Control List
Creating and Configuring an IPSec Transform Set
Creating and Configuring an IKEv2 Transform Set
Creating and Configuring a Crypto Map
Creating and Configuring a Crypto Access Control List
The following example configures a crypto ACL (Access Control List), which defines the matching criteria used for
routing subscriber data packets over an IPSec tunnel:
configure
context <pgw_context_name> -noconfirm
ip access-list <acl_name>
permit tcp host <source_host_address> host <dest_host_address>
▄ Cisco ASR 5x00 Packet Data Network Gateway Administration Guide
178
Use of the IP Security feature requires that a valid license key be installed. Contact your local Sales
PDN Gateway Configuration