Configuring Optional Features on the P-GW
context <pgw_context_name> -noconfirm
ipsec transform-set <ipsec_transform-set_name>
encryption aes-cbc-128
group none
hmac sha1-96
mode tunnel
end
Notes:
The encryption algorithm, aes-cbc-128, or Advanced Encryption Standard Cipher Block Chaining, is the default algorithm for IPSec transform sets configured on the system.
The group none command specifies that no crypto strength is included and that Perfect Forward Secrecy is disabled. This is the default setting for IPSec transform sets configured on the system.
The hmac command configures the Encapsulating Security Payload (ESP) integrity algorithm. The sha1-96 keyword uses a 160-bit secret key to produce a 160-bit authenticator value. This is the default setting for IPSec transform sets configured on the system.
The mode tunnel command specifies that the entire packet is to be encapsulated by the IPSec header, including the IP header. This is the default setting for IPSec transform sets configured on the system.
Creating and Configuring an IKEv2 Transform Set
The following example configures an IKEv2 transform set:
configure
context <pgw_context_name> -noconfirm
ikev2-ikesa transform-set <ikev2_transform-set_name>
encryption aes-cbc-128
group 2
hmac sha1-96
lifetime <sec>
prf sha1
end
Notes:
The encryption algorithm, aes-cbc-128, or Advanced Encryption Standard Cipher Block Chaining, is the default algorithm for IKEv2 transform sets configured on the system.
PDN Gateway Configuration
Cisco ASR 5x00 Packet Data Network Gateway Administration Guide
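An added example, not from the Cisco guide: a Python check that parses transform-set blocks in the syntax shown above and lists settings worth reviewing, applying the defaults stated in the notes when a keyword is omitted. The sample configuration, set names and finding text are constructed for illustration; that DH group 2 is the 1024-bit MODP group comes from the IKE RFCs, not from this page.

```python
import re
# Constructed sample in the syntax shown above; set names are placeholders.
SAMPLE = """\
context pgw-ctx -noconfirm
  ipsec transform-set ts-esp
    encryption aes-cbc-128
    hmac sha1-96
  ikev2-ikesa transform-set ts-ike
    group 2
    hmac sha1-96
    prf sha1
end
"""
# Defaults the notes above state for each transform-set type.
DEFAULTS = {
    "ipsec": {"encryption": "aes-cbc-128", "group": "none",
              "hmac": "sha1-96", "mode": "tunnel"},
    "ikev2-ikesa": {"encryption": "aes-cbc-128"}}
HEADER = re.compile(r"^(ipsec|ikev2-ikesa) transform-set (\S+)$")
KEYWORDS = {"encryption", "group", "hmac", "mode", "lifetime", "prf"}

def parse_transform_sets(text):
    """Return {(kind, name): {keyword: value}} for each transform-set block."""
    sets, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        parts = line.split(None, 1)
        if m:
            current = sets.setdefault((m.group(1), m.group(2)), {})
        elif current is not None and len(parts) == 2 and parts[0] in KEYWORDS:
            current[parts[0]] = parts[1]
        elif line:
            current = None  # any other command ends the block
    return sets

def audit(text):
    """List (set name, finding) pairs, applying defaults to omitted keywords."""
    findings = []
    for (kind, name), explicit in parse_transform_sets(text).items():
        cfg = {**DEFAULTS[kind], **explicit}
        if kind == "ipsec" and cfg["group"] == "none":
            findings.append((name, "PFS disabled (group none)"))
        if cfg.get("group") == "2":
            findings.append((name, "DH group 2 is 1024-bit MODP"))
        for key in ("hmac", "prf"):
            if cfg.get(key, "").startswith("sha1"):
                findings.append((name, f"{key} {cfg[key]} is SHA-1 based"))
    return findings
```

In the sample, `ts-esp` never sets `group`, yet `audit(SAMPLE)` still reports PFS as disabled because the default `group none` applies.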