Cisco Cisco Packet Data Gateway (PDG) Guida Alla Risoluzione Dei Problemi
IP Security
RADIUS Attributes for IPSec-based Mobile IP Applications ▀
Cisco ASR 5000 Series Enhanced Feature Configuration Guide ▄
OL-22982-01
RADIUS Attributes for IPSec-based Mobile IP Applications
As described in the
attributes stored in a subscriber‘s RADIUS profile to determine how IPSec should be implemented.
The table below lists the attributes that must be configured in the subscriber‘s RADIUS attributes to support IPSec for
Mobile IP. These attributes are contained in the following dictionaries:
Mobile IP. These attributes are contained in the following dictionaries:
3GPP2
3GPP2-835
Starent
Starent-835
Starent-VSA1
Starent-VSA1-835
Table 19.
Attributes Used for Mobile IP IPSec Support
Attribute
Description
Variable
3GPP2-
Security-
Level
Security-
Level
This attribute indicates the type of security
that the home network mandates on the
visited network.
that the home network mandates on the
visited network.
Integer value:
3 : Enables IPSec for tunnels and registration messages
4 : Disables IPSec
3 : Enables IPSec for tunnels and registration messages
4 : Disables IPSec
3GPP2 -
KeyId
KeyId
This attribute contains the opaque IKE
Key Identifier for the FA/HA shared IKE
secret.
Key Identifier for the FA/HA shared IKE
secret.
Supported value for the first eight bytes is the network-order FA IP
address in hexadecimal characters.
Supported value for the next eight bytes is the network-order HA IP
address in hexadecimal characters.
Supported value for the final four bytes is a timestamp in network
order, indicating when the key was created, and is the number of
seconds since January 1, 1970, UTC.
address in hexadecimal characters.
Supported value for the next eight bytes is the network-order HA IP
address in hexadecimal characters.
Supported value for the final four bytes is a timestamp in network
order, indicating when the key was created, and is the number of
seconds since January 1, 1970, UTC.
3GPP2-IKE-
Secret
Secret
This attribute contains the FA/HA shared
secret for the IKE protocol. This attribute
is salt-encrypted.
secret for the IKE protocol. This attribute
is salt-encrypted.
A binary string of 1 to 127 bytes.
3GPP2-S
This attribute contains the 'S' secret
parameter used to make the IKE pre-
shared secret.
parameter used to make the IKE pre-
shared secret.
A binary string of the value of 'S' consisting of 1 to 127 characters.
3GPP2- S-
Lifetime
Lifetime
This attribute contains the lifetime of the
'S' secret parameter used to make the IKE
pre-shared secret.
'S' secret parameter used to make the IKE
pre-shared secret.
An integer in network order, indicating the time in seconds since
January 1, 1970 00:00
UTC. Note that this is equivalent to the Unix operating system
expression of time.
January 1, 1970 00:00
UTC. Note that this is equivalent to the Unix operating system
expression of time.