Manual
Sample L3 Interchassis HA Configuration
SecGW VM Configuration (StarOS) ▀
SecGW Administration Guide, StarOS Release 17 ▄
177
#exit
context wsg
ip access-list acl1
permit ip <wsg_acl1_permit1_IPv4-address_mask> <wsg_acl1_permit1_IPv4-
address_mask>
permit ip <wsg_acl1_permit2_IPv4-address_mask> <wsg_acl1_permit2_IPv4-
address_mask>
permit ip <wsg_acl1_permit3_IPv4-address_mask> <wsg_acl1_permit3_IPv4-
address_mask>
permit ip <wsg_acl1_permit4_IPv4-address_mask> <wsg_acl1_permit4_IPv4-
address_mask4
permit ip <wsg_acl1_permit5_IPv4-address_mask> <wsg_acl1_permit5_IPv4-
address_mask>
#exit
ipv6 access-list acl1
permit ip <wsg_acl1_permit1_IPv6-address_mask> <wsg_acl1_permit1_IPv6-
address_mask>
permit ip <wsg_acl1_permit2_IPv6-address_mask> <wsg_acl1_permit2_IPv6-
address_mask>
permit ip <wsg_acl1_permit3_IPv6-address_mask> <wsg_acl1_permit3_IPv6-
address_mask>
permit ip <wsg_acl1_permit4_IPv6-address_mask> <wsg_acl1_permit4_IPv6-
address_mask>
permit ip <wsg_acl1_permit6_IPv6-address_mask> <wsg_acl1_permit5_IPv6-
address_mask>
#exit
no ip guarantee framed-route local-switching
ip pool pool1 range <wsg_pool1_IPv4-address/mask> <wsg_pool2_IPv4-address_mask>
public 0
ip pool pool2 range <wsg_pool2_IPv4-address/mask> <wsg_pool2_IPv4-
address_mask> public 0
ipv6 pool ipv6-pool1 prefix <wsg_pool1_IPv6-address/mask> public 0
ipsec transform-set ike-ts-1
#exit
ikev2-ikesa transform-set ikesa-foo
#exit
crypto template ipv4 ikev2-dynamic
authentication local pre-shared-key encrypted key <unique_encrypted_key>
authentication remote pre-shared-key encrypted key <unique_encrypted_key>
max-childsa 5 overload-action ignore
ikev2-ikesa transform-set list ike-ts-1
ikev2-ikesa rekey
payload ipv4 match childsa match ipv4
ip-address-alloc dynamic
ipsec transform-set list ipsec-ts-1
rekey keepalive
#exit
crypto template ipv4 ikev2-dynamic
authentication local pre-shared-key encrypted key <unique_encrypted_key>
authentication remote pre-shared-key encrypted key <unique_encrypted_key>
max-childsa 5 overload-action ignore