Cisco Packet Data Gateway (PDG)
IPSec Network Applications
IPSec Reference, StarOS Release 17
IPSec for Femto-UMTS Networks
The Cisco HNB-GW (Home-NodeB Gateway) supports IPSec and IKEv2 encryption using IPv4 addressing in Femto-UMTS
networks. IPSec and IKEv2 encryption enables network domain security for all IP packet-switched networks, providing
confidentiality, integrity, authentication, and anti-replay protection via secure IPSec tunnels.
Authentication Methods
IPSec for Femto-UMTS includes the following authentication methods:
PSK (Pre-Shared Key) Authentication. A pre-shared key is a shared secret that was previously shared between
two network nodes. IPSec for Femto-UMTS supports PSK such that both IPSec nodes must be configured to
use the same shared secret.
X.509 Certificate-based Peer Authentication. IPSec for Femto-UMTS supports X.509 certificate-based peer
authentication and CA (Certificate Authority) certificate authentication as described below.
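To illustrate why both nodes must hold the same shared secret, the following added example (not from the Cisco documentation and not StarOS code) computes the IKEv2 PSK AUTH value as defined in RFC 7296, section 2.15, and shows the receiving node's check failing when its configured key differs. HMAC-SHA-256 as the PRF and every sample message, nonce, key and identity below are assumptions constructed for the illustration.

```python
import hashlib
import hmac

KEY_PAD = b"Key Pad for IKEv2"  # fixed string from RFC 7296, section 2.15


def prf(key: bytes, data: bytes) -> bytes:
    """PRF_HMAC_SHA2_256, assumed here as the negotiated IKEv2 PRF."""
    return hmac.new(key, data, hashlib.sha256).digest()


def psk_auth(psk: bytes, octets: bytes) -> bytes:
    """AUTH = prf(prf(Shared Secret, "Key Pad for IKEv2"), <SignedOctets>)."""
    return prf(prf(psk, KEY_PAD), octets)


def signed_octets(first_msg: bytes, peer_nonce: bytes, sk_p: bytes, id_body: bytes) -> bytes:
    """Sender's first IKE message | peer's nonce | prf(SK_p, ID payload body)."""
    return first_msg + peer_nonce + prf(sk_p, id_body)


def verify_peer(local_psk: bytes, octets: bytes, received_auth: bytes) -> bool:
    """Recompute AUTH from the locally configured PSK; compare in constant time."""
    return hmac.compare_digest(psk_auth(local_psk, octets), received_auth)


# Constructed sample values (not taken from a real exchange).
IKE_SA_INIT_REQ = b"\x00" * 8 + b"constructed IKE_SA_INIT request"
NONCE_R = b"\x11" * 32                          # responder nonce
SK_PI = b"\x22" * 32                            # initiator's SK_pi
ID_I = b"\x02\x00\x00\x00" + b"hnb-01.example"  # ID_FQDN (type 2) + 3 reserved bytes + name

OCTETS_I = signed_octets(IKE_SA_INIT_REQ, NONCE_R, SK_PI, ID_I)
AUTH_FROM_HNB = psk_auth(b"correct-shared-secret", OCTETS_I)  # what the initiator sends

if __name__ == "__main__":
    # Gateway configured with the same secret: authentication succeeds.
    print("same PSK:     ", verify_peer(b"correct-shared-secret", OCTETS_I, AUTH_FROM_HNB))
    # Gateway configured with a secret differing by one character: it fails.
    print("different PSK:", verify_peer(b"Correct-shared-secret", OCTETS_I, AUTH_FROM_HNB))
```

Because the AUTH value also covers the peer's nonce and the sender's identity, a value captured from one exchange does not verify in another even when the key is unchanged.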
Crypto Map Template Configuration
Use the following example to configure the IPSec profile and crypto template associated with an SeGW and enable
IPSec tunneling.
configure
context vpn_ctxt_name
eap-profile eap_prof_name
mode authentication-pass-through
exit
ip pool ipsec ip_address subnetmask
ipsec transform-set ipsec_trans_set
exit
ikev2 transform-set ikev2_trans_set
exit
crypto template crypto_template
authentication eap-profile eap_prof_name
exit
ikev2-ikesa transform-set list ikev2_trans_set
payload crypto_payload_name match childsa [ match { ipv4 | ipv6 }