Cisco Cisco IOS Software Release 12.2(1c) User Guide
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
Cisco Mobile Wireless Home Agent
Configuration Tasks
29
Cisco IOS Release 12.2(8)BY
OL-3235-02
Configuring the Cisco Home Agent
To configure the Cisco HA, use the following commands in global configuration mode:
Configuring IPSec for the HA
To configure IPSec for the HA, use the following commands in global configuration mode:
Command
Purpose
Router(config)# ip mobile host {lower [upper] | nai string
[static-address addr1 [addr2] [addr3] [addr4] [addr5] |
local-pool
name {address addr | pool {local name |
dhcp-proxy-client
[dhcp-server addr]}}}{interface name |
virtual-network
net mask} [aaa [load-sa]] [care-of-access
acl] [lifetime number]
Specifies either static IP addresses or a pool of IP
addresses for use by multiple flows with the same
NAI.
addresses for use by multiple flows with the same
NAI.
Router(config)#ip mobile home-agent [broadcast]
[care-of-access acl] [lifetime number] [replay seconds]
[reverse-tunnel-off] [roam-access acl] [strip-nai-realm]
[suppress-unreachable] [local-timezone]
Enables and controls home agent services on the
router.
router.
Command
Purpose
Router(config)# crypto map map-name seq-num ipsec-isakmp
set peer
ip address of ha
set transform
-set transform-set-name
match address
acl name
Creates a a crypto map entry for one HA in one
Crypto-map set.
Crypto-map set.
The Crypto Map definition is not complete until:
1.
ACL associated with it is defined, and
2.
The Crypto-Map applied on Interface. You
can configure Crypto MAP for different HAs
by using a different sequence number for
each HA in one crypto-map set.
can configure Crypto MAP for different HAs
by using a different sequence number for
each HA in one crypto-map set.
Router# access-list acl-name deny udp host HA IP addr eq
mobile-ip host
PDSN IP addr eq mobile-ip
access
-list acl-name permit ip host PDSN IP addr host HA IP addr
access
-list acl-name deny ip any any
Defines the access list.
The ACL name “acl-name” is same as in the
crypto-map configuration
crypto-map configuration
Router# Interface Physical-Interface of PI interface
crypto map
Crypto-Map set
Applies the Crypto-Map on Pi Interface, as the
HA sends/receives Mobile IP traffic to/from
PDSN on this interface
HA sends/receives Mobile IP traffic to/from
PDSN on this interface
Router# ip mobile tunnel crypto map crypto-map set name
Configure Mobile IP to use the configured
Crypto-Map set
Crypto-Map set