Cisco Cisco Packet Data Gateway (PDG) Fehlerbehebungsanleitung
FA Service Configuration Mode Commands
isakmp ▀
Cisco ASR 5000 Series Command Line Interface Reference ▄
OL-22947-02
Usage
Use this command to configure the FA-service‘s per-HA IPSec parameters. These dictate how the FA service
is to establish an IPSec SA with the specified HA.
is to establish an IPSec SA with the specified HA.
Important:
For maximum security, it is recommended that the above command be executed for every possible
HA that the FA service communicates with.
A default crypto map can also be configured using the default keyword. The default crypto map is used in the
event that the AAA server returns an HA address that is not configured as an isakmp peer-ha.
event that the AAA server returns an HA address that is not configured as an isakmp peer-ha.
Important:
For maximum security, the default crypto map should be configured in addition to peer-ha crypto
maps instead of being used to provide IPSec SAs to all HAs.
Note that once an IPSec tunnel is established between the FA and HA for a particular subscriber, all new
Mobile IP sessions using the same FA and HA are passed over the tunnel regardless of whether or not IPSec
is supported for the new subscriber sessions. Data for existing Mobile IP sessions is unaffected.
Mobile IP sessions using the same FA and HA are passed over the tunnel regardless of whether or not IPSec
is supported for the new subscriber sessions. Data for existing Mobile IP sessions is unaffected.
Example
The following command creates a reference for an HA with the IP address 1.2.3.4 to a crypto map named map1:
The following command creates a reference for an HA with the IP address 1.2.3.4 to a crypto map named map1:
The following command deletes the crypto map reference for the HA with the IP address 1.2.3.4.