Cisco Cisco ASR 5000
Description
Step
If proxy-mip-required is disabled, PDIF assigns the IP address from the local pool.
19
PDIF received proxy-MIP RRP and gets the IP address and DNS addresses.
20
PDIF sets up the IPSec tunnel with the home address. On receiving the IKE_AUTH Response
MS also sets up the IPSec tunnel using the received IP address. PDIF sends the IKE_AUTH
Response back to MS by including the CP payload with the IP address and optionally the DNS
addresses. This completes the setup.
MS also sets up the IPSec tunnel using the received IP address. PDIF sends the IKE_AUTH
Response back to MS by including the CP payload with the IP address and optionally the DNS
addresses. This completes the setup.
21
PDIF sends a RADIUS Accounting start message.
22
For Proxy-MIP call setup using PAP, the first 14 steps are the same as for CHAP authentication. However,
here they deviate because the MS does not support EAP-MD5 authentication, but EAP-GTC. In response
to the EAP-MD5 challenge, the MS instead responds with legacy-Nak with EAP-GTC. The diagram below
picks up at this point.
here they deviate because the MS does not support EAP-MD5 authentication, but EAP-GTC. In response
to the EAP-MD5 challenge, the MS instead responds with legacy-Nak with EAP-GTC. The diagram below
picks up at this point.
Important
Figure 20: Proxy-MIP Call Setup using PAP Authentication
Table 14: Proxy-MIP Call Setup using PAP Authentication
Description
Step
MS is not capable of CHAP authentication but PAP authentication, and the MS returns the EAP
payload to indicate that it needs EAP-GTC authentication.
payload to indicate that it needs EAP-GTC authentication.
15
PDIF then initiates EAP-GTC procedure, and requests a password from MS.
16
MS includes an authentication password in the EAP payload to PDIF.
17
HSGW Administration Guide, StarOS Release 19
113
Proxy-Mobile IP
How Proxy Mobile IP Works in a WiFi Network with Multiple Authentication