Cisco Tunnel Terminating Gateway (TTG) Troubleshooting Guide
FA Service Configuration Mode Commands
fa-ha-spi
Cisco ASR 5000 Series Command Line Interface Reference
OL-22947-02
This is a description for the SPI.
must be an alpha and/or numeric string of 1 through 31 characters.
Default: hmac-md5
Specifies the hash-algorithm used between the FA service and the HA.
: Configures the hash-algorithm to implement HMAC-MD5 per RFC 2002bis.
: Configures the hash-algorithm to implement MD5 per RFC 1321.
: Configures the hash-algorithm to implement keyed-MD5 per RFC 2002.
Default: disabled
Enables the HA monitor feature for this HA address.
To set the behavior of the HA monitor feature, refer to the
command in this chapter. To
disable this command (if enabled) for this HA address, re-enter the entire
command without the
keyword.
Default: timestamp
Specifies the replay-protection scheme that should be implemented by the FA service for this SPI.
: Configures replay protection to be implemented using NONCE per RFC 2002.
: Configures replay protection to be implemented using timestamps per RFC 2002.
Important:
This keyword should only be used in conjunction with Proxy Mobile IP support.
Default: 60
Specifies the allowable difference (tolerance) in timestamps that is acceptable. If the difference is exceeded,
then the session will be rejected. If this is set to 0, then timestamp tolerance checking is disabled at the
receiving end.
is measured in seconds and can be configured to any integer value between 0 and 65535.
Important:
This keyword should only be used in conjunction with Proxy Mobile IP support.
More than one of the above keywords can be entered within a single command.
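Added example (not from the Cisco reference): a Python sketch of the receiver-side checks these keywords control, an HMAC-MD5 authenticator followed by the timestamp tolerance test, including the case where a tolerance of 0 disables the check. The message layout, function names and sample values are assumptions made for illustration and are not the RFC 2002 wire format.

```python
import hashlib
import hmac
import struct

DEFAULT_TOLERANCE = 60  # seconds; the default timestamp tolerance stated above


def protected_bytes(payload: bytes, sent_ts: int) -> bytes:
    # Assumed layout for illustration: 8-byte big-endian timestamp, then payload.
    return struct.pack(">Q", sent_ts) + payload


def authenticator(secret: bytes, payload: bytes, sent_ts: int) -> bytes:
    # HMAC-MD5 keyed with the secret shared for this SPI (default hash-algorithm).
    return hmac.new(secret, protected_bytes(payload, sent_ts), hashlib.md5).digest()


def check_registration(secret, payload, sent_ts, received_auth, now,
                       tolerance=DEFAULT_TOLERANCE):
    """Return (accepted, reason) for one received message."""
    if not 0 <= tolerance <= 65535:
        raise ValueError("tolerance must be an integer between 0 and 65535")
    expected = authenticator(secret, payload, sent_ts)
    if not hmac.compare_digest(expected, received_auth):
        return False, "authenticator mismatch"
    if tolerance == 0:
        # Tolerance checking is disabled: an old but validly authenticated
        # message is accepted, so replayed captures are not filtered by time.
        return True, "timestamp check disabled"
    if abs(now - sent_ts) > tolerance:
        return False, "timestamp outside tolerance"
    return True, "ok"


if __name__ == "__main__":
    secret = b"constructed-shared-secret"       # constructed sample value
    payload = b"constructed registration body"  # constructed sample value
    now = 1_700_000_000                          # constructed receiver clock
    for age, tol in [(0, 60), (60, 60), (61, 60), (3600, 60), (3600, 0)]:
        ts = now - age
        auth = authenticator(secret, payload, ts)
        print(age, tol, check_registration(secret, payload, ts, auth, now, tol))
```

With a tolerance of 0 the hour-old message in the last row is accepted, while the default of 60 rejects it.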
Usage
An SPI is a security mechanism configured and shared by the FA service and the HA. Please refer to RFC
2002 for additional information.
Though it is possible for FAs and HAs to communicate without SPIs being configured, their use is
recommended for security purposes. It is also recommended that a "default" SPI with a remote address of
0.0.0.0/0 be configured on both the HA and FA to prevent hackers from spoofing addresses.