Cisco Cisco Packet Data Gateway (PDG) Fehlerbehebungsanleitung
IP Security
Implementing IPSec for L2TP Applications ▀
Cisco ASR 5000 Series Enhanced Feature Configuration Guide ▄
OL-22982-01
How IPSec is Used for L2TP Configurations on the GGSN
and the text that follows describe how IPSec-encrypted attribute-based L2TP sessions are processed by the system.
Figure 25. GGSN PDP Context Processing with IPSec-Encrypted L2TP
GGSN
LNS/Security
Gateway
1
6
7
8
9
IPSec Tunnel
Source
Ctx.
GGSN-
Service
Service
GTPP
Cfg.
G
n
n
G
a
a
Net. Req.
PDP Ctx.
Cfg.
Dest. Ctx.
Auth. Cfg.
DHCP
Cfg.
AAA
DHCP
APN Cfg.
IP Address
Pool Cfg.
Crypto Map
Transform
Set(s)
ISAKMP
Policy(ies)
LAC
Service
Gi
2
3
4
5
Table 18. GGSN PDP Context Processing with IPSec-Encrypted L2TP
Step
Description
1.
A subscriber session/PDP Context Request arrives at the system.
2.
The configuration of the APN accessed by the subscriber indicates that session data is to be tunneled using L2TP. In
addition, attributes specifying a crypto map name and ISAKMP secret are also supplied indicating that IP security is also
required.
addition, attributes specifying a crypto map name and ISAKMP secret are also supplied indicating that IP security is also
required.
3.
The system determines that the crypto map name supplied matches a configured crypto map.
4.
From the crypto map, the system determines the following:
The map type, in this case dynamic
Whether perfect forward secrecy (PFS) should be enabled for the IPSec SA and if so, what group should be used
IPSec SA lifetime parameters
The name of one or more configured transform set defining the IPSec SA