Cisco Cisco Packet Data Gateway (PDG) Guia Do Administrador
Simple IP and Mobile IP in a Single System Configuration Example
Using the System as Both a PDSN/FA and an HA ▀
Cisco ASR 5x00 Home Agent Administration Guide ▄
59
Required Information
Description
Hash-algorithm:
Specifies the algorithm used to hash the SPI and SPI secret. The possible algorithms that can be
configured are MD5 per RFC 1321 and keyed-MD5 per RFC 2002. The default algorithm is hmac-
md5.
A hash-algorithm is required for each SPI configured.
Specifies the algorithm used to hash the SPI and SPI secret. The possible algorithms that can be
configured are MD5 per RFC 1321 and keyed-MD5 per RFC 2002. The default algorithm is hmac-
md5.
A hash-algorithm is required for each SPI configured.
Mobile Node Security
Parameter Index
Information
Parameter Index
Information
Index:
Specifies the shared SPI between the HA service and the mobile node(s). The SPI can be configured
to any integer value between 256 and 4294967295.
Multiple SPIs can be configured if the HA service is to communicate with multiple mobile nodes.
Specifies the shared SPI between the HA service and the mobile node(s). The SPI can be configured
to any integer value between 256 and 4294967295.
Multiple SPIs can be configured if the HA service is to communicate with multiple mobile nodes.
Secret(s):
Specifies the shared SPI secret between the HA service and the mobile node. The secret can be
between 1 and 127 characters (alpha and/or numeric).
An SPI secret is required for each SPI configured.
Specifies the shared SPI secret between the HA service and the mobile node. The secret can be
between 1 and 127 characters (alpha and/or numeric).
An SPI secret is required for each SPI configured.
Hash-algorithm:
Specifies the algorithm used to hash the SPI and SPI secret. The possible algorithms that can be
configured are MD5 per RFC 1321 and keyed-MD5 per RFC 2002. The default algorithm is hmac-
md5.
A hash-algorithm is required for each SPI configured.
Specifies the algorithm used to hash the SPI and SPI secret. The possible algorithms that can be
configured are MD5 per RFC 1321 and keyed-MD5 per RFC 2002. The default algorithm is hmac-
md5.
A hash-algorithm is required for each SPI configured.
Replay-protection process:
Specifies how protection against replay-attacks is implemented. The possible processes are nonce
and timestamp. The default is timestamp with a tolerance of 60 seconds.
A replay-protection process is required for each mobile node-to-HA SPI configured.
Specifies how protection against replay-attacks is implemented. The possible processes are nonce
and timestamp. The default is timestamp with a tolerance of 60 seconds.
A replay-protection process is required for each mobile node-to-HA SPI configured.
Maximum registration
lifetime
lifetime
Specifies the longest registration lifetime that the HA service will allow in any Registration Request
message from the mobile node.
The time is measured in seconds and can be configured to any integer value between 1 and 65535.
An infinite registration lifetime can also be configured by disabling the timer. The default is 600.
message from the mobile node.
The time is measured in seconds and can be configured to any integer value between 1 and 65535.
An infinite registration lifetime can also be configured by disabling the timer. The default is 600.
Maximum number of
simultaneous bindings
simultaneous bindings
Specifies the maximum number of “care-of” addresses that can simultaneously be bound for the
same user as identified by NAI and Home address.
The number can be configured to any integer value between 1 and 5. The default is 3.
same user as identified by NAI and Home address.
The number can be configured to any integer value between 1 and 5. The default is 3.
Default Subscriber Configuration
“Default” subscriber’s IP
context name
context name
Specifies the name of the egress context on the system that facilitates the PDN ports.
Important:
For this configuration, the IP context name should be identical to the
name of the destination context.
Simple IP Destination Context
The following table lists the information that is required to configure the optional destination context. As discussed
previously, This context is only required if Reverse Tunneling is disabled in the FA service.
previously, This context is only required if Reverse Tunneling is disabled in the FA service.