Cisco Packet Data Interworking Function (PDIF) Brochure
IPSec Network Applications
Implementing IPSec for Mobile IP Applications
Cisco StarOS IP Security (IPSec) Reference
RADIUS Attributes for IPSec-based Mobile IP Applications
StarOS uses attributes stored in a subscriber's RADIUS profile to determine how IPSec should be implemented.
The table below lists the attributes that must be configured in the subscriber's RADIUS attributes to support IPSec for Mobile IP. These attributes are contained in the following dictionaries:
- 3GPP2
- 3GPP2-835
- Starent
- Starent-835
- Starent-VSA1
- Starent-VSA1-835
Table 4. Attributes Used for Mobile IP IPSec Support

| Attribute | Description | Variable |
|---|---|---|
| 3GPP2-Security-Level | Indicates the type of security that the home network mandates on the visited network. | Integer value: 3 – Enables IPSec for tunnels and registration messages; 4 – Disables IPSec |
| 3GPP2-KeyId | Contains the opaque IKE Key Identifier for the FA/HA shared IKE secret. | Supported value for the first eight bytes is the network-order FA IP address in hexadecimal characters. Supported value for the next eight bytes is the network-order HA IP address in hexadecimal characters. Supported value for the final four bytes is a timestamp in network order, indicating when the key was created, and is the number of seconds since January 1, 1970, UTC. |
| 3GPP2-IKE-Secret | Contains the FA/HA shared secret for the IKE protocol. This attribute is salt-encrypted. | A binary string of 1 to 127 bytes. |
| 3GPP2-S | Contains the “S” secret parameter used to make the IKE pre-shared secret. | A binary string of the value of “S” consisting of 1 to 127 characters |
| 3GPP2-S-Lifetime | Contains the lifetime of the “S” secret parameter used to make the IKE pre-shared secret. | An integer in network order, indicating the time in seconds since January 1, 1970 00:00 UTC. Note that this is equivalent to the Unix operating system expression of time. |
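The following Python sketch is an added example, not code from the Cisco guide or StarOS. It encodes and parses a 3GPP2-KeyId value using the 8 + 8 + 4 byte layout in Table 4 and checks it against the 3GPP2-S-Lifetime value, so an AAA operator can sanity-check profile values before provisioning. Assumptions: the function names are hypothetical, the addresses and times are constructed samples, and 3GPP2-S-Lifetime is treated as a 4-byte expiry time.

```python
import ipaddress
import struct

KEYID_LEN = 20  # 8 hex chars (FA) + 8 hex chars (HA) + 4-byte timestamp

def build_key_id(fa_ip, ha_ip, created):
    """Encode a 3GPP2-KeyId value using the layout in Table 4."""
    fa = ipaddress.IPv4Address(fa_ip).packed.hex().encode("ascii")
    ha = ipaddress.IPv4Address(ha_ip).packed.hex().encode("ascii")
    return fa + ha + struct.pack("!I", created)

def _hex_to_ip(field):
    # Eight hexadecimal characters -> four network-order bytes -> dotted quad.
    return str(ipaddress.IPv4Address(bytes.fromhex(field.decode("ascii"))))

def parse_key_id(raw):
    """Split a raw KeyId into FA address, HA address and creation time."""
    if len(raw) != KEYID_LEN:
        raise ValueError(f"KeyId must be {KEYID_LEN} bytes, got {len(raw)}")
    try:
        fa, ha = _hex_to_ip(raw[0:8]), _hex_to_ip(raw[8:16])
    except ValueError as exc:  # also covers non-ASCII and bad hex digits
        raise ValueError("FA/HA fields must be 8 hex characters each") from exc
    (created,) = struct.unpack("!I", raw[16:20])
    return {"fa": fa, "ha": ha, "created": created}

def check_profile(raw_key_id, raw_s_lifetime, expected_fa, expected_ha, now):
    """Return a list of problems found; an empty list means consistent."""
    kid = parse_key_id(raw_key_id)
    # Assumption: S-Lifetime is a 4-byte network-order expiry time.
    (s_expiry,) = struct.unpack("!I", raw_s_lifetime)
    problems = []
    if kid["fa"] != expected_fa:
        problems.append("FA address mismatch")
    if kid["ha"] != expected_ha:
        problems.append("HA address mismatch")
    if kid["created"] > now:
        problems.append("key creation time is in the future")
    if s_expiry <= now:
        problems.append("S secret lifetime has expired")
    return problems

# Constructed sample values (documentation address ranges, arbitrary times).
SAMPLE_KEY_ID = build_key_id("192.0.2.10", "198.51.100.1", 1700000000)
SAMPLE_S_LIFETIME = struct.pack("!I", 1700003600)
```

Calling `check_profile` with the expected FA and HA addresses and the current Unix time returns an empty list for a consistent profile and a list of findings otherwise.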