RADIUS Attributes for IPSec-based Mobile IP Applications - Cisco ASR 5000 Series 3G Home NodeB Administration Manual

RADIUS Attributes for IPSec-based Mobile IP Applications
As described in the How the IPSec-based Mobile IP Configuration Works section of this chapter, the system uses attributes stored in a subscriber's RADIUS profile to determine how IPSec should be implemented.

The table below lists the attributes that must be configured in the subscriber's RADIUS attributes to support IPSec for Mobile IP. These attributes are contained in the following dictionaries:
- 3GPP2
- 3GPP2-835
- Starent
- Starent-835
- Starent-VSA1
- Starent-VSA1-835

Table 14. Attributes Used for Mobile IP IPSec Support

| Attribute | Description | Variable |
|---|---|---|
| 3GPP2-Security-Level | This attribute indicates the type of security that the home network mandates on the visited network. | Integer value: 3: Enables IPSec for tunnels and registration messages; 4: Disables IPSec |
| 3GPP2-KeyId | This attribute contains the opaque IKE Key Identifier for the FA/HA shared IKE secret. | Supported value for the first eight bytes is the network-order FA IP address in hexadecimal characters. Supported value for the next eight bytes is the network-order HA IP address in hexadecimal characters. Supported value for the final four bytes is a timestamp in network order, indicating when the key was created, and is the number of seconds since January 1, 1970, UTC. |
| 3GPP2-IKE-Secret | This attribute contains the FA/HA shared secret for the IKE protocol. This attribute is salt-encrypted. | A binary string of 1 to 127 bytes. |
| 3GPP2-S | This attribute contains the 'S' secret parameter used to make the IKE pre-shared secret. | A binary string of the value of 'S' consisting of 1 to 127 characters. |
| 3GPP2-S-Lifetime | This attribute contains the lifetime of the 'S' secret parameter used to make the IKE pre-shared secret. | An integer in network order, indicating the time in seconds since January 1, 1970 00:00 UTC. Note that this is equivalent to the Unix operating system expression of time. |
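
The value formats in Table 14 can be checked mechanically before a subscriber profile is deployed. The following is an added example, not code from the Cisco guide: it decodes a 3GPP2-KeyId value and validates the other attributes, assuming the profile is available as a Python dict of already-decoded values. The function names and all sample values are constructed for illustration.

```python
import binascii
import ipaddress
import struct
from datetime import datetime, timezone

def parse_key_id(value: bytes) -> dict:
    """Split a 20-byte 3GPP2-KeyId into FA address, HA address and creation time."""
    if len(value) != 20:
        raise ValueError(f"expected 20 bytes, got {len(value)}")
    # Bytes 0-7 and 8-15: IPv4 addresses, each as 8 ASCII hexadecimal characters.
    # unhexlify rejects non-hex input with binascii.Error, a ValueError subclass.
    fa = ipaddress.IPv4Address(binascii.unhexlify(value[0:8]))
    ha = ipaddress.IPv4Address(binascii.unhexlify(value[8:16]))
    # Bytes 16-19: key creation time, seconds since the Unix epoch, network order.
    (created,) = struct.unpack("!I", value[16:20])
    return {"fa": str(fa), "ha": str(ha),
            "created": datetime.fromtimestamp(created, tz=timezone.utc)}

def check_profile(attrs: dict) -> list:
    """Return the problems found in a profile's IPSec attributes (empty if none)."""
    level = attrs.get("3GPP2-Security-Level")
    if level not in (3, 4):
        return ["3GPP2-Security-Level must be 3 or 4"]
    if level == 4:
        return []  # assumption: keying attributes are only needed when IPSec is on
    problems = []
    for name in ("3GPP2-IKE-Secret", "3GPP2-S"):
        if not 1 <= len(attrs.get(name, b"")) <= 127:
            problems.append(f"{name} must be 1 to 127 bytes")
    if not isinstance(attrs.get("3GPP2-S-Lifetime"), int):
        problems.append("3GPP2-S-Lifetime must be an integer timestamp")
    try:
        parse_key_id(attrs.get("3GPP2-KeyId", b""))
    except ValueError as exc:
        problems.append(f"3GPP2-KeyId invalid: {exc}")
    return problems

# Constructed sample values (documentation addresses, made-up secrets).
SAMPLE_KEY_ID = b"C0000201" + b"C6336407" + struct.pack("!I", 1300000000)
SAMPLE_PROFILE = {
    "3GPP2-Security-Level": 3,
    "3GPP2-KeyId": SAMPLE_KEY_ID,
    "3GPP2-IKE-Secret": b"constructed-ike-secret",
    "3GPP2-S": b"constructed-s-value",
    "3GPP2-S-Lifetime": 1300086400,
}

if __name__ == "__main__":
    print(parse_key_id(SAMPLE_KEY_ID))
    print(check_profile(SAMPLE_PROFILE))
```
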
IP Security
OL-25069-03
