Ttg Mode - Cisco ASR 5000 series Product Overview
Hide thumbs
Also See for ASR 5000 series:
- Administration manual (509 pages) ,
- Installation manual (317 pages) ,
- Thresholding configuration manual (163 pages)
Table of Contents
Advertisement
▀ Features and Functionality
Configure the name of the crypto template for IKEv2/IPSec: A crypto template is used to define an
IKEv2/IPSec policy. It includes IKEv2 and IPSec parameters for keepalive, lifetime, NAT-T, and
cryptographic and authentication algorithms. There must be one crypto template per PDG service.
The name of the EAP profile: The EAP profile defines the EAP authentication method and associated
parameters.
Multiple authentication support: Multiple authentication is specified as a part of crypto template
configuration.
IKEv2 and IPSec transform sets: Transform set defines the negotiable algorithms for IKE SAs and Child SAs
to enable calls to connect to the PDG/TTG.
The setup timeout value: This parameter specifies the session setup timeout timer value. The PDG/TTG
terminates a UE connection attempt if the UE does not establish a successful connection within the specified
timeout period.
Max-sessions: This parameter sets the maximum number of subscriber sessions allowed by this PDG service.
TTG Mode
The TTG mode of operation uses IKEv2/IPsec tunnels to deliver packet data services over untrusted WLANs with
connectivity to the Internet or managed networks.
In TTG mode, the system terminates an IPSec tunnel for each WLAN UE subscriber session established over the Wu
reference point. The TTG also establishes a corresponding GTP tunnel over the Gn' reference point to the GGSN. The
TTG and a subset of GGSN functions work together to provide PDG functionality to the WLAN UEs. In this
configuration, the GGSN sees the TTG as an SGSN, and no additional changes are required at the GGSN to support this
functionality.
IKEv2 and IP Security (IPSec) Encryption
The PDG/TTG supports IKEv2 and IPSec encryption using IPv4 addressing. IKEv2 and IPSec encryption enables
network domain security for all IP packet-switched networks in order to provide confidentiality, integrity,
authentication, and anti-replay protection. These capabilities are insured through use of cryptographic techniques.
IKEv2 and IP Security (IPSec) encryption includes the following options:
IKEv2 encryption protocols: AES-CBC with 128 bits, AES-CBC with 256 bits, 3DES-CBC, and DES-CBC
IKEv2 pseudo-random functions: PRF-HMAC-SHA1, PRF-HMAC-MD5
IKEv2 integrity: HMAC-SHA1-96, HMAC-MD5
IKEv2 Diffie-Hellman groups: 1, 2, 5, and 14
IPSec ESP (Encapsulating Security Payload) encryption: AES-CBC with 128 bits, AES-CBC with 256 bits,
3DES-CBC, and DES-CBC
IPSec integrity: HMAC-SHA1-96, HMAC-MD5
IKEv2 and IPSec rekeying
▄ Cisco ASR 5000 Series Product Overview
PDG/TTG Overview
OL-22938-02
Advertisement
Table of Contents
