Cisco ASR 5000 Series 3G Home NodeB Administration Manual page 142

Implementing IPSec for Mobile IP Applications

1. The FA service receives a Mobile IP registration request from the mobile node.
2. The FA sends an Access-Request to the FAAA server with the 3GPP2-IKE-Secret-Request attribute set to yes.
3. The FAAA proxies the request to the HAAA.
4. The HAAA returns an Access-Accept message including the following attributes:
   - 3GPP2-Security-Level set to 3 for IPSec tunnels and registration messages
   - 3GPP2-MIP-HA-Address indicating the IP address of the HA that the FA is to communicate with
   - 3GPP2-KeyId providing an identification number for the IKE secret (alternatively, the keys may be statically configured for the FA and/or HA)
   - 3GPP2-IKE-Secret indicating the pre-shared secret to use to negotiate the IKE SA
5. The FAAA passes the Access-Accept message to the FA with all of the attributes.
6. The FA determines whether an IPSec SA already exists based on the HA address supplied. If so, that SA will be used. If not, a new IPSec SA will be negotiated.
7. The FA determines the appropriate crypto map to use for IPSec protection based on the HA address attribute. It does this by comparing the address received to those configured using the isakmp peer-ha command. From the crypto map, the system determines the following:
   - The map type, in this case dynamic
   - Whether perfect forward secrecy (PFS) should be enabled for the IPSec SA and, if so, which group should be used
   - IPSec SA lifetime parameters
   - The names of one or more configured transform sets defining the IPSec SA
8. To initiate the IKE SA negotiation, the FA performs a Diffie-Hellman (D-H) exchange of the ISAKMP secret specified in the IKE secret attribute with the peer HA dictated by the HA address attribute. Included in the exchange is the Key ID received from the HAAA.
9. Upon receiving the exchange, the HA sends an Access-Request to the HAAA with the following attributes:
   - 3GPP2-S-Request (note that this attribute is not used if the IPSec keys are statically configured)
   - 3GPP2-User-name (the username specified is the IP addresses of the FA and HA)
   The password used in the Access-Request is the RADIUS shared secret.
10. The HAAA returns an Access-Accept message to the HA with the following attributes:
   - 3GPP2-S indicating the "S" secret used to generate the HA's response to the D-H exchange
   - 3GPP2-S-Lifetime indicating the length of time that the "S" secret is valid
   - 3GPP2-Security-Level set to 3 for IPSec tunnels and registration messages (optional)

Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide, IP Security, OL-25069-03, page 142
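The ten-step exchange above, modelled end to end as an added example (this is not Cisco code and not part of the manual). RADIUS messages are plain dicts keyed by the attribute names the manual lists; wire encoding, vendor IDs and attribute numbers are deliberately not modelled. The IKE Diffie-Hellman exchange is replaced by an HMAC tag over the peer addresses and Key ID, which is enough to show the security-relevant point: the FA and the HA only authenticate each other when the HAAA hands both of them the same secret for the same Key ID, and the HA must fetch that secret afresh once 3GPP2-S-Lifetime has passed. The FA side also shows steps 6 and 7, reusing a cached SA per HA address and selecting the crypto map whose `isakmp peer-ha` address matches 3GPP2-MIP-HA-Address. All addresses, secrets, key IDs, map and transform-set names and lifetimes are constructed; the placement of the Key ID in 3GPP2-S-Request and the "FA HA" username format are assumptions, since the manual lists those attributes without giving their contents.

```python
"""FA / FAAA / HAAA / HA simulation of IPSec setup for Mobile IP (added example, not Cisco code).
RADIUS attributes are dict keys named as in the manual; no wire encoding is modelled.
psk_tag() stands in for the IKE pre-shared-key exchange and is not real IKE."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

SECURITY_LEVEL_IPSEC = 3   # manual: level 3 = IPSec for tunnels and registration messages


@dataclass(frozen=True)
class CryptoMap:
    """What the FA reads from a dynamic crypto map in step 7 (values constructed)."""
    name: str
    peer_ha: str              # HA address bound to this map with 'isakmp peer-ha'
    pfs_group: Optional[int]  # None = perfect forward secrecy disabled
    sa_lifetime: int          # IPSec SA lifetime in seconds
    transform_sets: tuple     # names of configured transform sets


@dataclass
class IPSecSA:
    ha_address: str
    key_id: str
    crypto_map: str
    expires_at: int           # derived from the crypto map's SA lifetime


def psk_tag(secret: str, fa: str, ha: str, key_id: str) -> str:
    """Stand-in for IKE PSK authentication: equal tags mean both peers hold the same secret."""
    return hmac.new(secret.encode(), f"{fa}|{ha}|{key_id}".encode(), hashlib.sha256).hexdigest()


class HomeAAA:
    """HAAA: the single source of the IKE secret for the FA (step 4) and the HA (step 10)."""
    def __init__(self, ike_secrets, ha_address, radius_secret, s_lifetime):
        self.ike_secrets = dict(ike_secrets)   # key ID -> pre-shared secret (constructed)
        self.ha_address, self.radius_secret, self.s_lifetime = ha_address, radius_secret, s_lifetime

    def handle_fa_request(self, req):
        if req.get("3GPP2-IKE-Secret-Request") != "yes":
            return {"Code": "Access-Accept"}       # plain MIP accept, no IKE material
        key_id = next(iter(self.ike_secrets))      # constructed: one active key
        return {"Code": "Access-Accept", "3GPP2-Security-Level": SECURITY_LEVEL_IPSEC,
                "3GPP2-MIP-HA-Address": self.ha_address, "3GPP2-KeyId": key_id,
                "3GPP2-IKE-Secret": self.ike_secrets[key_id]}

    def handle_ha_request(self, req):
        key_id = req.get("3GPP2-S-Request")
        if req.get("User-Password") != self.radius_secret or key_id not in self.ike_secrets:
            return {"Code": "Access-Reject"}
        return {"Code": "Access-Accept", "3GPP2-S": self.ike_secrets[key_id],
                "3GPP2-S-Lifetime": self.s_lifetime, "3GPP2-Security-Level": SECURITY_LEVEL_IPSEC}


def faaa_proxy(haaa):
    """Steps 3 and 5: the FAAA forwards the request and relays the HAAA answer unchanged."""
    return haaa.handle_fa_request


class HomeAgent:
    def __init__(self, address, haaa, radius_secret):
        self.address, self.haaa, self.radius_secret = address, haaa, radius_secret
        self.s_cache = {}   # key ID -> (secret, expiry), honouring 3GPP2-S-Lifetime

    def handle_ike_init(self, fa_address, key_id, fa_tag, now):
        """Steps 9-10: fetch the 'S' secret from the HAAA (unless still valid), then check the FA's tag."""
        cached = self.s_cache.get(key_id)
        if cached is None or cached[1] <= now:
            req = {"3GPP2-S-Request": key_id,                        # assumption: Key ID carried here
                   "3GPP2-User-name": f"{fa_address} {self.address}",  # FA and HA addresses (format assumed)
                   "User-Password": self.radius_secret}               # manual: the RADIUS shared secret
            acc = self.haaa.handle_ha_request(req)
            if acc["Code"] != "Access-Accept":
                return False
            cached = (acc["3GPP2-S"], now + acc["3GPP2-S-Lifetime"])
            self.s_cache[key_id] = cached
        return hmac.compare_digest(psk_tag(cached[0], fa_address, self.address, key_id), fa_tag)


class ForeignAgent:
    def __init__(self, address, crypto_maps, faaa, ha_peers):
        self.address, self.faaa, self.ha_peers = address, faaa, ha_peers
        self.crypto_maps = {m.peer_ha: m for m in crypto_maps}   # step 7: lookup by peer-ha address
        self.sa_cache = {}                                        # step 6: HA address -> IPSecSA

    def register(self, nai, now):
        """Steps 1-8 for one Mobile IP registration; returns (SA, outcome)."""
        accept = self.faaa({"User-Name": nai, "3GPP2-IKE-Secret-Request": "yes"})   # step 2
        if accept.get("3GPP2-Security-Level") != SECURITY_LEVEL_IPSEC:
            return None, "no-ipsec"
        ha_addr = accept["3GPP2-MIP-HA-Address"]
        sa = self.sa_cache.get(ha_addr)
        if sa is not None and sa.expires_at > now:    # expiry check is this example's addition
            return sa, "reused"
        cmap = self.crypto_maps.get(ha_addr)
        if cmap is None:
            raise LookupError(f"no crypto map with isakmp peer-ha {ha_addr}")
        key_id = accept["3GPP2-KeyId"]
        tag = psk_tag(accept["3GPP2-IKE-Secret"], self.address, ha_addr, key_id)      # step 8
        if not self.ha_peers[ha_addr].handle_ike_init(self.address, key_id, tag, now):
            raise PermissionError("IKE authentication with HA failed")
        sa = IPSecSA(ha_addr, key_id, cmap.name, now + cmap.sa_lifetime)
        self.sa_cache[ha_addr] = sa
        return sa, "negotiated"


def build_demo(radius_secret_on_ha="radius-shared"):
    """Wire one FA, one HA and the AAA pair together with constructed values."""
    haaa = HomeAAA({"key-7": "constructed-ike-psk"}, "192.0.2.10", "radius-shared", 600)
    ha = HomeAgent("192.0.2.10", haaa, radius_secret_on_ha)
    cmap = CryptoMap("cm-ha1", "192.0.2.10", pfs_group=14, sa_lifetime=3600, transform_sets=("ts-esp",))
    return ForeignAgent("198.51.100.5", [cmap], faaa_proxy(haaa), {ha.address: ha})
```

Running `build_demo().register("mn@example.com", 1000)` negotiates a new SA under `cm-ha1`; a second registration before the SA lifetime elapses returns the cached SA (step 6), and one after expiry negotiates again, which also forces the HA to re-request the "S" secret because its 600-second lifetime has passed. Building the demo with a wrong RADIUS shared secret on the HA makes the HAAA reject step 9, so the FA's negotiation fails instead of silently falling back to an unprotected tunnel.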
