How IPSec Is Used for L2TP Configurations on the GGSN - Cisco ASR 5000 Series 3G Home NodeB Administration Manual

Implementing IPSec for L2TP Applications

How IPSec is Used for L2TP Configurations on the GGSN

The following figure and the text that follows describe how IPSec-encrypted attribute-based L2TP sessions are
processed by the system.

Figure 15. GGSN PDP Context Processing with IPSec-Encrypted L2TP

Table 13. GGSN PDP Context Processing with IPSec-Encrypted L2TP

Step  Description
1.    A subscriber session/PDP Context Request arrives at the system.
2.    The configuration of the APN accessed by the subscriber indicates that session data is to be tunneled using L2TP. In addition, attributes specifying a crypto map name and ISAKMP secret are supplied, indicating that IP security is also required.
3.    The system determines that the crypto map name supplied matches a configured crypto map.
4.    From the crypto map, the system determines the following:
      - The map type, in this case dynamic
      - Whether perfect forward secrecy (PFS) should be enabled for the IPSec SA and, if so, what group should be used
      - IPSec SA lifetime parameters
      - The name of one or more configured transform sets defining the IPSec SA
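
Steps 2 to 4 above, modeled as an added Python example (not Cisco code and not StarOS configuration syntax). The map and transform-set names, attribute keys, lifetime value, and the fail-closed handling of a crypto map name that does not resolve are assumptions made for illustration; the page does not describe what the system does in that case.

```python
from dataclasses import dataclass
from typing import Optional


class CryptoMapError(Exception):
    """IPSec was requested but cannot be resolved; refuse the session (assumed policy)."""


@dataclass
class CryptoMap:
    map_type: str                     # "dynamic" for attribute-based L2TP (step 4)
    transform_sets: list              # names of configured transform sets
    pfs_group: Optional[int] = None   # None means PFS is disabled
    sa_lifetime_seconds: int = 3600   # constructed value, not a product default


# Constructed sample configuration; every name here is hypothetical.
TRANSFORM_SETS = {"tset-aes": {"esp": "aes-cbc-128", "hmac": "sha1-96"}}
CRYPTO_MAPS = {
    "l2tp-dyn": CryptoMap("dynamic", ["tset-aes"], pfs_group=2),
    "site-manual": CryptoMap("manual", ["tset-aes"]),
    "broken": CryptoMap("dynamic", ["tset-missing"]),
}


def resolve_ipsec_for_l2tp(attrs: dict) -> Optional[dict]:
    """Return IPSec SA parameters, or None when the attributes request no IPSec."""
    name = attrs.get("crypto_map_name")
    secret = attrs.get("isakmp_secret")
    if name is None and secret is None:
        return None                               # L2TP only (assumption)
    if not name or not secret:                    # step 2: both attributes needed
        raise CryptoMapError("crypto map name and ISAKMP secret must both be set")
    cmap = CRYPTO_MAPS.get(name)                  # step 3: match a configured map
    if cmap is None:
        raise CryptoMapError(f"no crypto map named {name!r}")
    if cmap.map_type != "dynamic":                # step 4: map type
        raise CryptoMapError(f"{name!r} is {cmap.map_type}, expected dynamic")
    missing = [t for t in cmap.transform_sets if t not in TRANSFORM_SETS]
    if not cmap.transform_sets or missing:        # step 4: transform sets exist
        raise CryptoMapError(f"unresolved transform sets: {missing}")
    return {
        "pfs_group": cmap.pfs_group,
        "sa_lifetime_seconds": cmap.sa_lifetime_seconds,
        "transform_sets": [TRANSFORM_SETS[t] for t in cmap.transform_sets],
    }
```

Running the same checks over an exported configuration before deployment shows which APN attribute values would fail to resolve to a usable dynamic crypto map.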

Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide, OL-25069-03
