Cisco Tunnel Terminating Gateway (TTG)
IPSec Network Applications
IPSec Reference, StarOS Release 16
IPSec for Femto-UMTS Networks
The Cisco HNB-GW (Home-NodeB Gateway) supports IPSec and IKEv2 encryption using IPv4 addressing in Femto-UMTS
networks. IPSec and IKEv2 encryption enables network domain security for all IP packet-switched networks, providing
confidentiality, integrity, authentication, and anti-replay protection via secure IPSec tunnels.
Authentication Methods
IPSec for Femto-UMTS includes the following authentication methods:
PSK (Pre-Shared Key) Authentication. A pre-shared key is a shared secret that was previously shared between
two network nodes. IPSec for Femto-UMTS supports PSK such that both IPSec nodes must be configured to
use the same shared secret.
X.509 Certificate-based Peer Authentication. IPSec for Femto-UMTS supports X.509 certificate-based peer
authentication and CA (Certificate Authority) certificate authentication as described below.
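The PSK requirement above can be seen in how IKEv2 derives its AUTH payload from the shared secret (RFC 7296, section 2.15). The following is an added example, not Cisco or StarOS code; it assumes HMAC-SHA-256 as the negotiated PRF, and every message, nonce, key and identity in it is a constructed sample value.

```python
import hashlib
import hmac

KEY_PAD = b"Key Pad for IKEv2"  # fixed pad string defined in RFC 7296, section 2.15


def prf(key: bytes, data: bytes) -> bytes:
    """Assumption: the negotiated IKEv2 PRF is HMAC-SHA-256."""
    return hmac.new(key, data, hashlib.sha256).digest()


def psk_auth(secret: bytes, real_message: bytes, peer_nonce: bytes,
             sk_p: bytes, id_payload_body: bytes) -> bytes:
    """AUTH = prf(prf(secret, KEY_PAD), RealMessage | peer nonce | prf(SK_p, ID))."""
    signed_octets = real_message + peer_nonce + prf(sk_p, id_payload_body)
    return prf(prf(secret, KEY_PAD), signed_octets)


def verify_psk_auth(local_secret: bytes, received_auth: bytes, real_message: bytes,
                    peer_nonce: bytes, sk_p: bytes, id_payload_body: bytes) -> bool:
    """Recompute AUTH with the locally configured secret; compare in constant time."""
    expected = psk_auth(local_secret, real_message, peer_nonce, sk_p, id_payload_body)
    return hmac.compare_digest(expected, received_auth)


# Constructed sample values (not real IKE traffic or keys).
MSG1 = bytes(8) + b"constructed IKE_SA_INIT request"
NONCE_R = bytes(range(32))
SK_PI = hashlib.sha256(b"constructed SK_pi").digest()
ID_I = b"\x02\x00\x00\x00hnb1.example.invalid"  # ID type 2 (FQDN) + 3 reserved bytes


def demo() -> dict:
    auth = psk_auth(b"secret-A", MSG1, NONCE_R, SK_PI, ID_I)  # sent by the initiator
    return {
        "same_secret": verify_psk_auth(b"secret-A", auth, MSG1, NONCE_R, SK_PI, ID_I),
        "mismatched_secret": verify_psk_auth(b"secret-B", auth, MSG1, NONCE_R, SK_PI, ID_I),
        "tampered_message": verify_psk_auth(b"secret-A", auth, MSG1 + b"x", NONCE_R, SK_PI, ID_I),
    }


if __name__ == "__main__":
    print(demo())
```

The secret itself never crosses the wire: a peer configured with a different secret computes a different AUTH value and the exchange fails authentication, as does any change to the signed IKE_SA_INIT message.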
Crypto Map Template Configuration
Use the following example to configure the IPSec profile and crypto template associated with an SeGW and enable
IPSec tunneling.
configure
   context <vpn_ctxt_name>
      eap-profile <eap_prof_name>
         mode authentication-pass-through
         exit
      ip pool ipsec <ip_address> <subnetmask>
      ipsec transform-set <ipsec_trans_set>
         exit
      ikev2 transform-set <ikev2_trans_set>
         exit
      crypto template <crypto_template>
         authentication eap-profile <eap_prof_name>
         exit
      ikev2-ikesa transform-set list <ikev2_trans_set>
      payload <crypto_payload_name> match childsa [ match { ipv4 | ipv6 }