Cisco Packet Data Interworking Function (PDIF)
IPSec Certificates
Certificate Management Protocol (CMPv2)
IPSec Reference, StarOS Release 16
115
Deployment Scenarios
In a 4G network the data between the eNodeB and the MME/SGW is sent via a security gateway. The network between
the security gateway and the MME/SGW is a trusted network of the vendor. The network between the eNodeB and
security gateway may be a public network requiring the establishment of an IPSec tunnel between eNodeB and the
security gateway through which data is sent.
Figure 13. CMPv2 Deployment Scenario
The IKEv2 protocol is used to establish the IPSec tunnel between eNodeB and the MME/SGW. Certificate-based
authentication is performed during stage 2 of the IKEv2 exchange (RFC 4306). The security gateway sends its own
X.509 certificate to the eNodeB in the IKE_AUTH message's CERT payload. This certificate is validated at the eNodeB
and is used to decrypt the AUTH payload to authenticate the security gateway.
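The validation step described above is the security-relevant one: the eNodeB must chain the certificate it receives in the CERT payload back to a CA it already trusts before it uses that certificate's public key to check the AUTH payload, otherwise any peer could present a self-generated certificate. The following Go program is an added example written for this page, not Cisco code and not StarOS configuration. It constructs a throwaway operator CA, issues a security-gateway certificate from it, and then performs the eNodeB-side check in `verifyPeer`: parse the CERT payload, validate it against the trust anchor, confirm the key-usage bits allow signing, and only then verify the signature over the signed octets. ECDSA P-256 with SHA-256 is an assumption (the page does not name the algorithm), and the byte string standing in for the IKEv2 signed octets is constructed for the demo. Two negative cases are included: a self-signed certificate outside the trust anchor, and signed octets that were altered in transit.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var serial int64 // monotonically increasing serial for constructed certificates

// makeCert issues an ECDSA P-256 certificate for cn. With parent == nil the
// certificate is self-signed (a constructed trust anchor standing in for the
// operator CA); otherwise it is signed by parent with parentKey.
func makeCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	signer := key
	if parent == nil {
		parent = tmpl // self-signed
	} else {
		signer = parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return cert, key, nil
}

// signAuth builds the AUTH payload contents on the security gateway side: a
// signature over the signed octets (in real IKEv2 these are derived from the
// IKE_SA_INIT message, nonce and ID payload; here a constructed byte string).
func signAuth(key *ecdsa.PrivateKey, signedOctets []byte) ([]byte, error) {
	digest := sha256.Sum256(signedOctets)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// verifyPeer is the eNodeB's check on receipt of IKE_AUTH: parse the CERT
// payload, validate it against the trusted CA, confirm the key may sign, and
// only then check the AUTH signature with the certificate's public key.
func verifyPeer(certDER []byte, roots *x509.CertPool, signedOctets, sig []byte) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return fmt.Errorf("CERT payload: %w", err)
	}
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("certificate validation: %w", err)
	}
	if cert.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		return errors.New("certificate not usable for digital signature")
	}
	if err := cert.CheckSignature(x509.ECDSAWithSHA256, signedOctets, sig); err != nil {
		return fmt.Errorf("AUTH payload: %w", err)
	}
	return nil
}

func main() {
	ca, caKey, _ := makeCert("constructed-operator-ca", true, nil, nil)
	sgw, sgwKey, _ := makeCert("constructed-segw", false, ca, caKey)
	rogue, rogueKey, _ := makeCert("constructed-self-signed", true, nil, nil)

	roots := x509.NewCertPool()
	roots.AddCert(ca) // the eNodeB's trust anchor

	octets := []byte("constructed ResponderSignedOctets")
	sig, _ := signAuth(sgwKey, octets)
	fmt.Println("genuine SeGW:", verifyPeer(sgw.Raw, roots, octets, sig))

	rsig, _ := signAuth(rogueKey, octets)
	fmt.Println("self-signed peer:", verifyPeer(rogue.Raw, roots, octets, rsig))

	fmt.Println("altered octets:", verifyPeer(sgw.Raw, roots, append([]byte("x"), octets...), sig))
}
```

Note the ordering in `verifyPeer`: chain validation happens before the signature check, so a certificate that does not chain to the trust anchor is rejected without its public key ever being used. A real IKEv2 implementation also matches the certificate's identity against the peer's ID payload and consults revocation data; both are outside what this page covers.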
CMPv2 is the online mechanism for generating public and private keys and obtaining the certificate signed by a CA.