Configuring Support for L2TP Attribute-based Tunneling with IPSec - Cisco ASR 5000 Series 3G Home NodeB Administration Manual


IP Security
Step  Description

5. From the crypto map, the system determines the following:
   - The map type, in this case dynamic
   - Whether perfect forward secrecy (PFS) should be enabled for the IPSec SA and, if so, what group should be used
   - IPSec SA lifetime parameters
   - The name of one or more configured transform sets defining the IPSec SA

6. To initiate the IKE SA negotiation, the system performs a Diffie-Hellman exchange of the ISAKMP secret specified in the profile attribute with the specified peer LNS/security gateway.

7. The system and the LNS/security gateway negotiate an ISAKMP (IKE) policy to use to protect further communications.

8. Once the IKE SA has been negotiated, the system negotiates an IPSec SA with the LNS/security gateway using the transform method specified in the transform sets.

9. Once the IPSec SA has been negotiated, the system protects the L2TP encapsulated data according to the IPSec SAs established during step 9 and sends it over the IPSec tunnel.

Configuring Support for L2TP Attribute-based Tunneling with IPSec

This section provides a list of the steps required to configure IPSec functionality on the system in support of attribute-based L2TP tunneling. Each step listed refers to a different section containing the specific instructions for completing the required procedure.

Important: These instructions assume that the system was previously configured to support subscriber data sessions and L2TP tunneling either as a PDSN or an HA. In addition, with the exception of subscriber attributes, all other parameters configured using this procedure must be configured in the same destination context on the system as the LAC service.

Step 1
Configure one or more transform sets according to the instructions located in the Transform Set Configuration section of this chapter.

Step 2
Configure one or more ISAKMP policies according to the instructions located in the ISAKMP Policy Configuration section of this chapter.

Step 3
Configure an ipsec-isakmp crypto map according to the instructions located in the Dynamic Crypto Map Configuration section of this chapter.

Step 4
Configure the subscriber profile attributes according to the instructions located in the Subscriber Attributes for L2TP Application IPSec Support section of this chapter.

Step 5
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode command save configuration. For additional information on how to verify and save configuration files, refer to the System Administration Guide and the Command Line Interface Reference.

Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide, OL-25069-03
Implementing IPSec for L2TP Applications
