oneP Communication
SecGW Administration Guide, StarOS Release 17
Connected Apps Sessions
The StarOS client Connected Apps (oneP) application running on the wsg-service VM can set up a TLS (Transport
Layer Security) session with the oneP server running on the ASR 9000 route processor (RP).
Enabling oneP on ASR 9000 RSP
To enable oneP communication with the VSM, configure the corresponding oneP server on the ASR 9000 Route Switch
Processor (RSP). From IOS-XR 5.2.0 onwards, only the TLS transport type is supported for oneP connections. The
basic configuration sequence is:
onep
 transport type tls localcert onep-tp disable-remotecert-validation
!
crypto ca trustpoint onep-tp
 crl optional
 subject-name CN=ASR9K-8.cisco.com
 enrollment url terminal
!
By default, oneP flows are blocked at the LPTS layer on the VSM, so you must configure a policer rate for the
oneP flow for the VSM.
For additional information, refer to the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware
Component Configuration Guide: Configuring Virtual Services on the Cisco ASR 9000 Series Router.
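The following is an added example, not part of the Cisco guide: a small Python check that parses an IOS-XR configuration like the sequence above and reports the two settings in it that relax certificate checking for the oneP TLS session (disable-remotecert-validation on the transport, and crl optional on the referenced trustpoint). The function names are this example's own, and it assumes the input keeps the indentation of show running-config output.

```python
import re

# Constructed sample: the oneP server configuration from this section.
SAMPLE_CONFIG = """\
onep
 transport type tls localcert onep-tp disable-remotecert-validation
!
crypto ca trustpoint onep-tp
 crl optional
 subject-name CN=ASR9K-8.cisco.com
 enrollment url terminal
!
"""

def parse_blocks(config):
    """Map each top-level line to its indented child lines ('!' ends a block)."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None
        elif not line[0].isspace():
            current = line
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def audit_onep_tls(config):
    """Return findings for the oneP TLS transport and the trustpoint it uses."""
    blocks = parse_blocks(config)
    findings = []
    for line in blocks.get("onep", []):
        m = re.match(r"transport type tls localcert (\S+)(.*)", line)
        if not m:
            continue
        # Resolve the trustpoint named after 'localcert' and inspect both blocks.
        trustpoint, options = m.group(1), m.group(2).split()
        if "disable-remotecert-validation" in options:
            findings.append("onep: remote certificate validation is disabled")
        tp = blocks.get(f"crypto ca trustpoint {trustpoint}")
        if tp is None:
            findings.append(f"onep: trustpoint {trustpoint} is not defined")
        elif "crl optional" in tp:
            findings.append(f"trustpoint {trustpoint}: CRL check is optional")
    return findings

if __name__ == "__main__":
    for finding in audit_onep_tls(SAMPLE_CONFIG):
        print(finding)
```
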
Configuring a Client CA Session
Before a CA session can be activated via StarOS, the operator must configure the session parameters: IP address,
session name, username and password.
Important: A client CA session must be configured via StarOS on each VPC-VSM instance running on the VSM
(one per CPU).
The following sample StarOS CA mode CLI command sequence configures the CA session parameters: