Configuring Nat/Alg Support; Configuring Ecs Rulebase With Firewall-And-Nat Policy - Cisco ASR 5000 Administration Manual

▀ eWAG Configuration
gtpu { bind address <ipv4_address> | echo-interval <echo_interval_seconds> |
echo-retransmission { exponential-backoff [ [ min-timeout <min_retrans_timeout_seconds> ]
[ smooth-factor <smooth_factor> ] + ] | timeout <retrans_timeout_seconds> } | max-
retransmissions <max_retransmissions> | retransmission-timeout <retrans_timeout_seconds>
}
#To configure path failure detection policy:
path-failure detection-policy gtp { echo | non-echo } +
#To configure the restart counter change window to avoid service deactivations and
activations that could cause large bursts of network traffic if the restart counter
change messages from the GGSN are erroneous:
max-remote-restart-counter-change <variance>
end
Notes:
 The SGTP service must be associated in the eWAG service configuration.

Configuring NAT/ALG Support

This section explains NAT/ALG related configurations.
For eWAG, the Firewall-and-NAT policy for a subscriber can be specified either in the APN template or in the ECS
rulebase. For selection, the policy specified in the APN configuration has higher priority than the one specified in the
ECS rulebase configuration.


Configuring ECS Rulebase with Firewall-and-NAT Policy


Configuring APN with Firewall-and-NAT Policy

Configuring Routing Rules and NAT ALG
Configuring ECS Rulebase with Firewall-and-NAT Policy
To specify the Firewall-and-NAT policy in an ECS rulebase use the following configuration:
configure
active-charging service <ecs_service_name>
rulebase <rulebase_name>
fw-and-nat default-policy <fw_nat_policy_name>
end
▄ Cisco ASR 5000 Enhanced Wireless Access Gateway Administration Guide
46
Enhanced Wireless Access Gateway Configuration
OL-28188-02