PDN Gateway Configuration
end
Notes:
The permit command in this example routes IPv4 traffic from the server with the specified source host IPv4 address to the server with the specified destination host IPv4 address.

Creating and Configuring an IPSec Transform Set
The following example configures an IPSec transform set, which is used to define the security association that determines the protocols used to protect the data on the interface:
configure
   context <pgw_context_name> -noconfirm
      ipsec transform-set <ipsec_transform-set_name>
         encryption aes-cbc-128
         group none
         hmac sha1-96
         mode tunnel
         end
Notes:
The encryption algorithm, aes-cbc-128, or Advanced Encryption Standard Cipher Block Chaining, is the default algorithm for IPSec transform sets configured on the system.
The group none command specifies that no crypto strength is included and that Perfect Forward Secrecy is disabled. This is the default setting for IPSec transform sets configured on the system.
The hmac command configures the Encapsulating Security Payload (ESP) integrity algorithm. The sha1-96 keyword uses a 160-bit secret key to produce a 160-bit authenticator value. This is the default setting for IPSec transform sets configured on the system.
The mode tunnel command specifies that the entire packet is to be encapsulated by the IPSec header including the IP header. This is the default setting for IPSec transform sets configured on the system.

Creating and Configuring an IKEv2 Transform Set
The following example configures an IKEv2 transform set:
configure
   context <pgw_context_name> -noconfirm
      ikev2-ikesa transform-set <ikev2_transform-set_name>

Cisco ASR 5x00 Packet Data Network Gateway Administration Guide
Configuring Optional Features on the P-GW
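An added example (not from the Cisco guide): a small audit that reads a configuration, fills in the defaults stated in the IPSec transform set notes for any keyword a set omits, and lists the sets whose effective setting is group none, that is, with Perfect Forward Secrecy disabled. The sample configuration, the set names, the exit lines and the group 14 value are assumptions constructed for illustration.

```python
# Defaults the guide states for IPSec transform sets on this system.
DEFAULTS = {"encryption": "aes-cbc-128", "group": "none",
            "hmac": "sha1-96", "mode": "tunnel"}

# Constructed sample; set names, `exit` lines and `group 14` are assumptions.
SAMPLE_CONFIG = """\
configure
  context pgw_ctx -noconfirm
    ipsec transform-set ts_explicit
      encryption aes-cbc-128
      group none
      hmac sha1-96
      mode tunnel
    exit
    ipsec transform-set ts_implicit
      mode tunnel
    exit
    ipsec transform-set ts_pfs
      group 14
    exit
    ikev2-ikesa transform-set ike_ts
    exit
end
"""

def effective_transform_sets(config_text):
    """Return {name: settings}, with defaults filled in for omitted keywords."""
    sets, current = {}, None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if len(words) >= 3 and words[1] == "transform-set":
            # Only IPSec sets are audited; an IKEv2 set closes any open block.
            current = (sets.setdefault(words[2], dict(DEFAULTS))
                       if words[0] == "ipsec" else None)
        elif words[0] in ("exit", "end"):
            current = None
        elif current is not None and words[0] in DEFAULTS and len(words) >= 2:
            current[words[0]] = words[1]
    return sets

def pfs_disabled(config_text):
    """Names of IPSec transform sets whose effective group is 'none'."""
    return sorted(name for name, s in effective_transform_sets(config_text).items()
                  if s["group"] == "none")

if __name__ == "__main__":
    print("PFS disabled in:", pfs_disabled(SAMPLE_CONFIG))
```

A set that never mentions group is reported alongside one that sets group none explicitly, because both resolve to the same default.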