▀ Features and Functionality
Features and Functionality
This section describes the features and functions supported by the FNG.
The following features are supported and described in this section:
•
FNG Service
•
IKEv2 and IP Security (IPSec) Encryption
•
X.509 Certificate-based Peer Authentication
•
A12 Aggregation
•
RADIUS Support
•
AAA Server Group Selection
•
FAP ID-based Duplicate Session Detection
•
Child SA Rekey Support
•
Multiple Child SAs
•
DoS Protection Cookie Challenge
•
IKEv2 Keep-Alive Messages (Dead Peer Detection)
•
DSCP Marking
•
Custom DNS Handling
•
Session Recovery Support
•
Congestion Control
•
Bulk Statistics
•
Threshold Crossing Alerts
FNG Service
The FNG service and its associated processes enable the system to function as a femtocell gateway. The FNG service
enables the FAPs in the network to connect to the core network elements via a secure IPSec interface. During
configuration, you create the FNG service in an FNG context, which is a routing domain on the ASR 5000. FNG context
and service configuration includes the following main steps:
• Configure the IPv4 address for the service: This is the IP address of the FNG to which the FAPs in the
network attempt to connect, sending IKEv2 messages to this IP address to establish IPSec tunnels.
• Configure the name of the crypto template for IKEv2/IPSec: A crypto template is used to configure an
IKEv2/IPSec policy. It includes most of the IKEv2 and IPSec parameters for keep-alive, lifetime, NAT-T, and
cryptographic and authentication algorithms. There must be one crypto template per FNG service.
▄ Cisco ASR 5000 Series Femto Network Gateway Administration Guide
18
Femto Network Gateway Overview
OL-24872-01