Creating And Configuring A Crypto Map - Cisco ASR 5x00 Administration Manual

Packet data network gateway

▀ Configuring Optional Features on the P-GW
encryption aes-cbc-128
group 2
hmac sha1-96
lifetime <sec>
prf sha1
end
Notes:
• The encryption algorithm, aes-cbc-128, or Advanced Encryption Standard Cipher Block Chaining, is the default algorithm for IKEv2 transform sets configured on the system.
• The group 2 command specifies the Diffie-Hellman algorithm as Group 2, indicating medium security. The Diffie-Hellman algorithm controls the strength of the crypto exponentials. This is the default setting for IKEv2 transform sets configured on the system.
• The hmac command configures the Encapsulating Security Payload (ESP) integrity algorithm. The sha1-96 keyword uses a 160-bit secret key to produce a 160-bit authenticator value. This is the default setting for IKEv2 transform sets configured on the system.
• The lifetime command configures the time the security key is allowed to exist, in seconds.
• The prf command configures the IKE Pseudo-random Function which produces a string of bits that cannot be distinguished from a random bit string without knowledge of the secret key. The sha1 keyword uses a 160-bit secret key to produce a 160-bit authenticator value. This is the default setting for IKEv2 transform sets configured on the system.

Creating and Configuring a Crypto Map

The following example configures an IKEv2 crypto map:
configure
   context <pgw_context_name>
      crypto map <crypto_map_name> ikev2-ipv4
         match address <acl_name>
         peer <ipv4_address>
         authentication local pre-shared-key key <text>
         authentication remote pre-shared-key key <text>
         ikev2-ikesa transform-set list <name1> . . . <name6>
         payload <name> match ipv4
            lifetime <seconds>

Cisco ASR 5x00 Packet Data Network Gateway Administration Guide
PDN Gateway Configuration
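
An added example, not part of the Cisco guide: a Python check that applies the defaults stated in the transform-set notes above to a transform-set body, so that omitted keywords are audited too, and flags effective values that RFC 8247 and RFC 8221 mark as SHOULD NOT or MUST-. The function name, the sample body and its lifetime value are constructed for illustration; the RFC status words come from those RFCs, not from this page.

```python
# Added example: audit the body of one IKEv2 transform set.
# Defaults are the ones the notes on this page give for IKEv2 transform sets.
PAGE_DEFAULTS = {"encryption": "aes-cbc-128", "group": "2",
                 "hmac": "sha1-96", "prf": "sha1"}

# Reasons are taken from RFC 8247 and RFC 8221, not from the Cisco guide.
FLAGGED = {
    ("group", "2"): "1024-bit MODP group, SHOULD NOT in RFC 8247",
    ("hmac", "sha1-96"): "HMAC-SHA1-96, MUST- in RFC 8221 and RFC 8247",
    ("prf", "sha1"): "PRF_HMAC_SHA1, MUST- in RFC 8247",
}

def audit_transform_set(body):
    """Return (effective, findings) for the lines of one transform-set body."""
    explicit = {}
    for raw in body.splitlines():
        parts = raw.split()
        if not parts:
            continue
        if parts[0] in ("end", "exit"):      # block is closed, stop reading
            break
        if parts[0] in PAGE_DEFAULTS or parts[0] == "lifetime":
            explicit[parts[0]] = " ".join(parts[1:])
    effective, findings = {}, []
    for key, default in PAGE_DEFAULTS.items():
        # An omitted keyword still takes the default, so audit that value too.
        source = "explicit" if key in explicit else "default"
        value = explicit.get(key, default)
        effective[key] = (value, source)
        if (key, value) in FLAGGED:
            findings.append(f"{key} {value} ({source}): {FLAGGED[(key, value)]}")
    if "lifetime" in explicit:
        effective["lifetime"] = (explicit["lifetime"], "explicit")
        if not explicit["lifetime"].isdigit():   # e.g. a template placeholder
            findings.append("lifetime: value is not a number of seconds")
    return effective, findings

# Constructed sample: group and prf are omitted, so the defaults apply.
SAMPLE_BODY = """\
encryption aes-cbc-128
hmac sha1-96
lifetime 3600
end
"""

if __name__ == "__main__":
    for line in audit_transform_set(SAMPLE_BODY)[1]:
        print(line)
```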
