Configuring IPSec Support for Mobile IP - Cisco ASR 5000 Series 3G Home NodeB Administration Manual


Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide, OL-25069-03
IP Security
Implementing IPSec for Mobile IP Applications

Step  Description
11.   The HA determines the appropriate crypto map to use for IPSec protection based on the FA's address. It does this by comparing the address received to those configured using the isakmp peer-fa command. From the crypto map, the system determines the following:
      - The map type, in this case dynamic
      - Whether perfect forward secrecy (PFS) should be enabled for the IPSec SA and, if so, what group should be used
      - IPSec SA lifetime parameters
      - The name of one or more configured transform sets defining the IPSec SA
12.   The HA creates a response to the D-H exchange using the "S" secret and the Key ID sent by the FA.
13.   The HA sends the IKE SA negotiation D-H exchange response to the FA.
14.   The FA and the HA negotiate an ISAKMP (IKE) policy to use to protect further communications.
15.   Once the IKE SA has been negotiated, the system negotiates an IPSec SA with the security gateway using the transform method specified in the transform sets.
16.   Once the IPSec SA has been negotiated, the system protects the data according to the IPSec SAs established during step 15 and sends it over the IPSec tunnel.

Important: Once an IPSec tunnel is established between an FA and HA for a particular subscriber, all new Mobile IP sessions using the same FA and HA are passed over the tunnel regardless of whether or not IPSec is supported for the new subscriber sessions. Data for existing Mobile IP sessions is unaffected.

Configuring IPSec Support for Mobile IP

This section provides a list of the steps required to configure IPSec functionality on the system in support of Mobile IP. Each step listed refers to a different section containing the specific instructions for completing the required procedure.

Important: These instructions assume that the systems were previously configured to support subscriber data sessions either as an FA or an HA.

Step 1  Configure one or more transform sets for the FA system according to the instructions located in the Transform Set Configuration section of this chapter. The transform set(s) must be configured in the same context as the FA service.
Step 2  Configure one or more ISAKMP policies for the FA system according to the instructions located in the ISAKMP Policy Configuration section of this chapter. The ISAKMP policy(ies) must be configured in the same context as the FA service.
Step 3  Configure an ipsec-isakmp crypto map for the FA system according to the instructions located in the Dynamic Crypto Map Configuration section of this chapter. The crypto map(s) must be configured in the same context as the FA service.
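The same-context requirement in Steps 1 to 3 can be checked mechanically before a change is committed. The following is an added example, not taken from the Cisco manual: it audits a simplified inventory of contexts against that requirement. The inventory model, the audit function and every object name in it are assumptions made for illustration and are not StarOS CLI syntax or output.

```python
from dataclasses import dataclass, field

@dataclass
class Context:
    """One configuration context and the object names defined inside it (hypothetical model)."""
    name: str
    fa_services: set = field(default_factory=set)
    transform_sets: set = field(default_factory=set)
    isakmp_policies: set = field(default_factory=set)
    # crypto map name -> names of the transform sets the map refers to
    crypto_maps: dict = field(default_factory=dict)

def audit(contexts):
    """Return sorted findings; an empty list means Steps 1-3 hold for every FA context."""
    fa_contexts = [c for c in contexts if c.fa_services]
    if not fa_contexts:
        return ["no FA service configured in any context"]
    findings = []
    for c in fa_contexts:
        # Steps 1-3: each object type must exist in the FA service's own context.
        if not c.transform_sets:
            findings.append(f"{c.name}: no transform set in the FA service context")
        if not c.isakmp_policies:
            findings.append(f"{c.name}: no ISAKMP policy in the FA service context")
        if not c.crypto_maps:
            findings.append(f"{c.name}: no crypto map in the FA service context")
        # A crypto map names transform sets; each must be defined in this same context.
        for cmap, wanted in c.crypto_maps.items():
            for ts in sorted(set(wanted) - c.transform_sets):
                elsewhere = sorted(o.name for o in contexts if ts in o.transform_sets)
                where = (f"defined in {', '.join(elsewhere)}" if elsewhere
                         else "not defined anywhere")
                findings.append(
                    f"{c.name}: crypto map {cmap} names transform set {ts}, {where}")
    return sorted(findings)

# Constructed sample inventory; every name below is made up.
SAMPLE = [
    Context("pdsn-ctx", fa_services={"fa-svc"}, isakmp_policies={"1"},
            transform_sets={"ts-aes"},
            crypto_maps={"map-fa": ["ts-aes", "ts-3des"]}),
    Context("other-ctx", transform_sets={"ts-3des"}),
]

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

In the constructed sample, the crypto map refers to a transform set that exists only in a different context, which is the misconfiguration the same-context rule is meant to prevent.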
