PDN Gateway Configuration
Configuring Optional Features on the P-GW
Cisco ASR 5x00 Packet Data Network Gateway Administration Guide
   context <pgw_context_name> -noconfirm
      ipsec transform-set <ipsec_transform-set_name>
         encryption aes-cbc-128
         group none
         hmac sha1-96
         mode tunnel
         end
Notes:
The encryption algorithm, aes-cbc-128, or Advanced Encryption Standard Cipher Block Chaining, is the default algorithm for IPSec transform sets configured on the system.
The group none command specifies that no crypto strength is included and that Perfect Forward Secrecy is disabled. This is the default setting for IPSec transform sets configured on the system.
The hmac command configures the Encapsulating Security Payload (ESP) integrity algorithm. The sha1-96 keyword uses a 160-bit secret key to produce a 160-bit authenticator value. This is the default setting for IPSec transform sets configured on the system.
The mode tunnel command specifies that the entire packet is to be encapsulated by the IPSec header, including the IP header. This is the default setting for IPSec transform sets configured on the system.
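Because every value in the notes above is a default, an IPSec transform set that omits a line still runs with that setting, including group none (Perfect Forward Secrecy disabled). The following Python sketch is an added example, not part of the Cisco guide: it resolves the effective settings of each IPSec transform set in a saved configuration and lists the sets that run without PFS. The sample configuration, the names in it, the use of exit between blocks and the use of group 2 inside an IPSec transform set are assumptions made for illustration.

```python
import re

# Defaults for IPSec transform sets, as stated in the notes above.
IPSEC_DEFAULTS = {"encryption": "aes-cbc-128", "group": "none",
                  "hmac": "sha1-96", "mode": "tunnel"}

# Constructed sample; names, "exit" separators and "group 2" are assumptions.
SAMPLE_CONFIG = """\
configure
  context pgw_ctx -noconfirm
    ipsec transform-set tset_explicit
      encryption aes-cbc-128
      group none
      hmac sha1-96
      mode tunnel
    exit
    ipsec transform-set tset_defaults_only
    exit
    ipsec transform-set tset_group2
      group 2
    exit
  exit
end
"""

def effective_ipsec_sets(config_text):
    """Return {name: settings}, filling omitted lines with the defaults."""
    sets, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"ipsec transform-set (\S+)", line)
        if m:                                   # start of a transform set
            current = sets.setdefault(m.group(1), dict(IPSEC_DEFAULTS))
        elif line in ("exit", "end"):           # leaving the current block
            current = None
        elif current is not None:               # a setting inside the block
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0] in IPSEC_DEFAULTS:
                current[parts[0]] = parts[1]
    return sets

def pfs_disabled(sets):
    """Names of transform sets whose effective group is none (no PFS)."""
    return sorted(n for n, s in sets.items() if s["group"] == "none")

if __name__ == "__main__":
    sets = effective_ipsec_sets(SAMPLE_CONFIG)
    print(sets)
    print("PFS disabled:", pfs_disabled(sets))
```

A set with no lines of its own is reported exactly like one that spells out the defaults, which is the case a line-by-line text search for group none would miss.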
Creating and Configuring an IKEv2 Transform Set
The following example configures an IKEv2 transform set:
configure
   context <pgw_context_name> -noconfirm
      ikev2-ikesa transform-set <ikev2_transform-set_name>
         encryption aes-cbc-128
         group 2
         hmac sha1-96
         lifetime <sec>
         prf sha1
         end
Notes:
The encryption algorithm, aes-cbc-128, or Advanced Encryption Standard Cipher Block Chaining, is the default algorithm for IKEv2 transform sets configured on the system.