Ip Security (Ipsec) - Cisco ASR 5000 Series Administration Manual

GGSN Support in GPRS/UMTS Wireless Data Services

IP Security (IPSec)

IP Security provides a mechanism for establishing secure tunnels from mobile subscribers to pre-defined endpoints (i.e.
enterprise or home networks) in accordance with the following standards:
RFC 2401, Security Architecture for the Internet Protocol
RFC 2402, IP Authentication Header (AH)
RFC 2406, IP Encapsulating Security Payload (ESP)
RFC 2409, The Internet Key Exchange (IKE)
RFC-3193, Securing L2TP using IPSEC, November 2001
IP Security (IPSec) is a suite of protocols that interact with one another to provide secure private communications across
IP networks. These protocols allow the system to establish and maintain secure tunnels with peer security gateways.
IPSec can be implemented on the system for the following applications:
PDN Access: Subscriber IP traffic is routed over an IPSec tunnel from the system to a secure gateway on the
Packet Data Network (PDN) as determined by Access Control List (ACL) criteria.
Mobile IP: Mobile IP control signals and subscriber data is encapsulated in IPSec tunnels that are established
between Foreign Agents (FAs) and Home Agents (HAs) over the Pi interfaces.
Important:
new Mobile IP sessions using the same FA and HA are passed over the tunnel regardless of whether or not
IPSec is supported for the new subscriber sessions. Data for existing Mobile IP sessions will be unaffected.
L2TP: L2TP-encapsulated packets are routed from the system to an LNS/secure gateway over an IPSec tunnel.
OL-22944-02
Once an IPSec tunnel is established between an FA and HA for a particular subscriber, all
Cisco ASR 5000 Series Gateway GPRS Support Node Administration Guide ▄
Features and Functionality - Optional Enhanced Feature Software ▀