Cisco Cisco IOS Software Release 12.2(1c) User Guide

To configure the Cisco HA, use the following commands in global configuration mode:

To configure IPSec for the HA, use the following commands in global configuration mode: 

Router(config)# ip mobile host {lower [upper] | nai string 

[static-address addr1 [addr2] [addr3] [addr4] [addr5] | 

 name {address addr | pool {local name | 

 [dhcp-server addr]}}}{interface name | 

 net mask} [aaa [load-sa]] [care-of-access 

acl] [lifetime number]

Specifies either static IP addresses or a pool of IP 
addresses for use by multiple flows with the same 
NAI.

Router(config)#ip mobile home-agent [broadcast] 

[care-of-access acl] [lifetime number] [replay seconds] 

[reverse-tunnel-off] [roam-access acl] [strip-nai-realm] 

[suppress-unreachable] [local-timezone]

Enables and controls home agent services on the 
router.

Router(config)# crypto map map-name seq-num ipsec-isakmp 

 ip address of ha 

-set transform-set-name 

 acl name

Creates a a crypto map entry for one HA in one 
Crypto-map set.

The Crypto Map definition is not complete until: 

ACL associated with it is defined, and

The Crypto-Map applied on Interface. You 
can configure Crypto MAP for different HAs 
by using a different sequence number for 
each HA in one crypto-map set.

Router# access-list acl-name deny udp host HA IP addr eq 

 PDSN IP addr eq mobile-ip

-list acl-name permit ip host PDSN IP addr host HA IP addr

-list acl-name deny ip any any

Defines the access list.

The ACL name “acl-name” is same as in the 
crypto-map configuration

Router# Interface Physical-Interface of PI interface

Applies the Crypto-Map on Pi Interface, as the 
HA sends/receives Mobile IP traffic to/from 
PDSN on this interface

Router# ip mobile tunnel crypto map crypto-map set name

Configure Mobile IP to use the configured 
Crypto-Map set