Manual Crypto Maps; Isakmp Crypto Maps; Dynamic Crypto Maps - Cisco ASR 5000 Series 3G Home NodeB Administration Manual

Manual Crypto Maps

These are static tunnels that use pre-configured information (including security keys) for establishment. Because they
rely on statically configured information, once created, the tunnels never expire; they exist until their configuration is
deleted.
Manual crypto maps define the peer security gateway to establish a tunnel with, the security keys to use to establish the
tunnel, and the IPSec SA to be used to protect data sent/received over the tunnel. Additionally, manual crypto maps are
applied to specific system interfaces.
Important: Because manual crypto map configurations require the use of static security keys (associations), they
are not as secure as crypto maps that rely on dynamically configured keys. Therefore, it is recommended that they only
be configured and used for testing purposes.

ISAKMP Crypto Maps

These tunnels are similar to manual crypto maps in that they require some statically configured information such as the
IP address of a peer security gateway and that they are applied to specific system interfaces.
However, ISAKMP crypto maps offer greater security because they rely on dynamically generated security associations
through the use of the Internet Key Exchange (IKE) protocol.
When ISAKMP crypto maps are used, the system uses the pre-shared key configured for the map as part of the Diffie-
Hellman (D-H) exchange with the peer security gateway to initiate Phase 1 of the establishment process. Once the
exchange is complete, the system and the security gateway dynamically negotiate IKE SAs to complete Phase 1. In
Phase 2, the two peers dynamically negotiate the IPSec SAs used to determine how data traversing the tunnel will be
protected.

Dynamic Crypto Maps

These tunnels are used for protecting L2TP-encapsulated data between the system and an LNS/security gateway or
Mobile IP data between an FA service configured on one system and an HA service configured on another.
The system determines when to implement IPSec for L2TP-encapsulated data either through attributes returned upon
successful authentication for attribute based tunneling, or through the configuration of the LAC service used for
compulsory tunneling.
The system determines when to implement IPSec for Mobile IP based on RADIUS attribute values as well as the
configurations of the FA and HA service(s).
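The three map types above differ in how keys are obtained, and the note under Manual Crypto Maps says static-key maps belong only in test setups. The following audit script is an added example, not code from the Cisco guide: it assumes a simplified, StarOS-style configuration syntax (`crypto map <name> ipsec-manual|ipsec-isakmp|ipsec-dynamic` for map definitions and `crypto-map <name>` under `interface` for bindings), which is an assumption about the format, and it reports interfaces protected by manual (static-key) maps as well as bindings that reference maps that were never defined.

```python
"""Audit crypto-map definitions and interface bindings for static-key (manual) maps."""
import re

# Constructed sample in an assumed, simplified StarOS-style syntax (not a real device dump).
SAMPLE_CONFIG = """\
context ingress
  crypto map lab-test ipsec-manual
    set peer 192.0.2.10
  crypto map hnb-sec ipsec-isakmp
    set peer 192.0.2.20
    set isakmp preshared-key key REDACTED
  crypto map l2tp-lns ipsec-dynamic
  interface mgmt-test
    crypto-map lab-test
  interface hnb-facing
    crypto-map hnb-sec
  interface spare
    crypto-map old-map
"""

MAP_RE = re.compile(r"^\s*crypto map (\S+) ipsec-(manual|isakmp|dynamic)\s*$")
IFACE_RE = re.compile(r"^\s*interface (\S+)\s*$")
BIND_RE = re.compile(r"^\s*crypto-map (\S+)\s*$")


def parse_crypto_maps(text):
    """Return ({map_name: kind}, {interface: map_name}) parsed from the config text."""
    kinds, bindings, iface = {}, {}, None
    for line in text.splitlines():
        m = MAP_RE.match(line)
        if m:  # a map definition starts a new block, so leave any interface block
            kinds[m.group(1)] = m.group(2)
            iface = None
            continue
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = BIND_RE.match(line)
        if m and iface:  # only count bindings that sit inside an interface block
            bindings[iface] = m.group(1)
    return kinds, bindings


def find_manual_map_bindings(text):
    """Interfaces whose tunnels use static keys and therefore never expire or rekey."""
    kinds, bindings = parse_crypto_maps(text)
    return sorted((i, n) for i, n in bindings.items() if kinds.get(n) == "manual")


def find_dangling_bindings(text):
    """Interfaces that reference a crypto map the configuration never defines."""
    kinds, bindings = parse_crypto_maps(text)
    return sorted((i, n) for i, n in bindings.items() if n not in kinds)
```

Run against a real export only after adapting the three regular expressions to the exact syntax of the software release in use.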
▄ Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide
OL-25069-03
