Redundant Ipsec Tunnel Fail-Over Configuration; Configuring Crypto Group - Cisco ASR 5000 Series 3G Home NodeB Administration Manual

IP Security

Redundant IPSec Tunnel Fail-over Configuration

This section provides information and instructions for configuring the Redundant IPSec Tunnel Fail-over feature. These
instructions assume that the system was previously configured to support subscriber data sessions either as a core
service or an HA.
Important: Parameters configured using this procedure must be configured in the same context on the system.

Important: The system supports a maximum of 32 crypto groups per context. However, configuring crypto
groups to use the same loopback interface for secondary IPSec tunnels is not recommended and may compromise
redundancy on the chassis.

Important: This section provides the minimum instruction set for configuring crypto groups on the system. For
more information on commands that configure additional parameters and options, refer to the Command Line Interface
Reference.

To configure the Crypto group to support IPSec:

Step 1  Configure a crypto group by following the steps in the Configuring Crypto Group section.
Step 2  Configure one or more ISAKMP policies according to the instructions provided in the ISAKMP Policy
        Configuration section of this chapter.
Step 3  Configure IPSec DPD settings using the instructions provided in the Dead Peer Detection (DPD)
        Configuration section of this chapter.
Step 4  Configure an ISAKMP crypto map for the primary and secondary tunnel according to the instructions
        provided in the ISAKMP Crypto Map Configuration section of this chapter.
Step 5  Match the existing ISAKMP crypto map to the Crypto group by following the steps in the Modify ISAKMP
        Crypto Map Configuration to Match Crypto Group section.
Step 6  Verify your Crypto Group configuration by following the steps in the Verifying the Crypto Group
        Configuration section.
Step 7  Save your configuration to flash memory, an external memory device, and/or a network location using
        the Exec mode command save configuration. For additional information on how to verify and save
        configuration files, refer to the System Administration Guide and the Command Line Interface Reference.

Configuring Crypto Group

Use the following example to configure a crypto group on your system for redundant IPSec tunnel fail-over support:

configure
  context <ctxt_name>
    ikev1 keepalive dpd interval <dur> timeout <dur> num-retry <retries>

Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide
OL-25069-03
