...
To configure PCSI LI:
| Anchor |
|---|
| Configuring SBC Core IPSEC |
|---|
| Configuring SBC Core IPSEC |
|---|
|
Configuring SBC Core IPsec| Code Block |
|---|
### create and configure IKE and IPsec protection profiles
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF saLifetimeTime 28800
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF espAlgorithms inte hmacSha1,hmacMd5
set profiles security ipsecProtectionProfile PRGGSX2_IPSEC_PROT_PROF espAlgorithms encryption aesCbc128,3DesCbc
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF saLifetimeTime 28800
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF algorithms encryption aesCbc128,3DesCbc
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF algorithms integ hmacSha1,hmacMd5
set profiles security ikeProtectionProfile PRGGSX2_IKE_PROT_PROF dpdInterval noDpd
commit
### create IKE peer
set addressContext default ipsec peer PRGGSX2 ipAddress 10.220.11.8 preShared 00000000000000000000000000000000
set addressContext default ipsec peer PRGGSX2 localIdentity type ipV4Addr ipAddress 10.220.41.161
set addressContext default ipsec peer PRGGSX2 remoteIdentity type ipV4Addr ipAddress 10.220.11.22
set addressContext default ipsec peer PRGGSX2 protectionProfile PRGGSX2_IKE_PROT_PROF
commit
### create an SPD rule for this IKE peer
set addressContext default ipsec spd PRGGSX2_SPD state enabled precedence 1001
set addressContext default ipsec spd PRGGSX2_SPD localIpAddr 10.220.41.161 localIpPrefixLen 32 remoteIpAddr 10.220.11.22 remoteIpPrefixLen 32
set addressContext default ipsec spd PRGGSX2_SPD action protect
set addressContext default ipsec spd PRGGSX2_SPD protocol 17
set addressContext default ipsec spd PRGGSX2_SPD protectionProfile PRGGSX2_IPSEC_PROT_PROF
set addressContext default ipsec spd PRGGSX2_SPD mode transport
set addressContext default ipsec spd PRGGSX2_SPD peer PRGGSX2
commit
### enable IPsec on the IP interface group
set addressContext default ipInterfaceGroup LIG1 enabled
commit |
| Anchor |
|---|
| Configuring IP Interface Group |
|---|
| Configuring IP Interface Group |
|---|
|
Configuring CDC with IP Interface Group
...
To configure the IP Interface Group, execute the following command:
| Code Block |
|---|
|
% set addressContext default intercept callDataChannel CDC ipInterfaceGroupName LIG1
commit |
...
For other options of configuring the intercept flavor as IMS LI, refer to the section Configuring SBC For Lawful Interception.
| Code Block |
|---|
% set addressContext default intercept callDataChannel CDC interceptStandard packetCable vendorId ss8
commit |
...
| Note |
|---|
The PCSI LI supports configuring up to 8 mediation servers under the CDC. |
| Code Block |
|---|
|
% set addressContext default intercept callDataChannel CDC interceptStandard mediationServer MS1
commit |
| Anchor |
|---|
| Configuring Mediation Server for Media Interception over TCP |
|---|
| Configuring Mediation Server for Media Interception over TCP |
|---|
|
Configuring CDC for Media Interception over TCP
| Code Block |
|---|
|
% set addressContext default intercept callDataChannel CDC mediationServer MS1 media tcp ipAddress fc22:3200::230:7 portNumber 8765 dscpValue 0
commit
% set addressContext default intercept callDataChannel CDC mediationServer MS1 media tcp mode inService state enabled
commit |
| Anchor |
|---|
| Configuring RTCP Interception |
|---|
| Configuring RTCP Interception |
|---|
|
Configuring CDC for RTCP Interception
| Code Block |
|---|
% set addressContext default intercept callDataChannel CDC rtcpInterception enabled
commit |
...
To view the CDC configuration, execute the following command:
| Code Block |
|---|
% show addressContext default intercept callDataChannel CDC
interceptStandard packetcable;
vendorId ss8;
ipInterfaceGroupName LIG1;
mediationServer MS1 {
media {
tcp {
ipAddress 10.54.6.1;
portNumber 8765;
dscpValue 0;
mode inService;
state enabled;
}
}
}
[ok] |
...