Cisco Cisco Packet Data Gateway (PDG) 문제 해결 가이드
Service Configuration Procedures
Creating and Configuring FA Services ▀
Cisco ASR 5000 Series Access Service Network Gateway Administration Guide ▄
OL-22953-01
Step 4
Configure the local User Datagram Protocol (UDP) port for the Pi interfaces’ IP socket by entering:
port# is the UDP port number and can be any integer value from 1 to 65535. The default value is 434.
Step 5
Configure the security parameter index (SPI) between the FA service and the HA by entering the following command:
Keyword/Variable
Description
Specifies the IP address of the HA (
). Express ha_ip_address as an IP address or an IP
address and mask in dotted decimal notation (###.###.###.### or ###.###.###/##).
spi number
Specifies the SPI (
) which indicates a security context between the FA and the HA in accordance
with RFC 2002. Configure
to any integer from 256 to 4294967295.
encrypted secret
Specifies the encrypted shared key (
) between the FA and the HA services. The system uses
the encrypted keyword when it saves configuration scripts. The system displays the encrypted keyword in the
configuration file to indicate that the variable following the secret keyword is the encrypted version of the
plain text secret. Only the encrypted secret is saved as part of the configuration file.
configuration file to indicate that the variable following the secret keyword is the encrypted version of the
plain text secret. Only the encrypted secret is saved as part of the configuration file.
secret
Specifies the shared key (
) between the FA and the HA services.
is from 1 to 127 alpha
and/or numeric characters and is case sensitive.
description
This is a description for the SPI.
is an alpha and/or numeric string of 1 through 31 characters.
Important:
You can configure a maximum of 2048 FA-HA SPIs for a single FA service. Specify how the system
should handle the MN-HA authentication extension in the RRP by entering the following command:
Keyword/Variable
Description
Allows a reply that does not contain the authentication extension.
A reply should always contain the authentication extension to be accepted.
Step 6
Enter the following to specify how the system handles authentication for mobile node re-registrations: