Cisco Cisco Packet Data Gateway (PDG)
IPSec Network Applications
▀ Implementing IPSec for Mobile IP Applications
▄ IPSec Reference, StarOS Release 16
38
RADIUS Attributes for IPSec-based Mobile IP Applications
StarOS uses attributes stored in a subscriber's RADIUS profile to determine how IPSec should be implemented.
The table below lists the attributes that must be configured in the subscriber's RADIUS attributes to support IPSec for
Mobile IP. These attributes are contained in the following dictionaries:
Mobile IP. These attributes are contained in the following dictionaries:
3GPP2
3GPP2-835
Starent
Starent-835
Starent-VSA1
Starent-VSA1-835
Table 4. Attributes Used for Mobile IP IPSec Support
Attribute
Description
Variable
3GPP2-Security-Level
Indicates the type of security that the
home network mandates on the visited
network.
home network mandates on the visited
network.
Integer value:
3 – Enables IPSec for tunnels and registration messages
4 – Disables IPSec
3 – Enables IPSec for tunnels and registration messages
4 – Disables IPSec
3GPP2 -KeyId
Contains the opaque IKE Key
Identifier for the FA/HA shared IKE
secret.
Identifier for the FA/HA shared IKE
secret.
Supported value for the first eight bytes is the network-
order FA IP address in hexadecimal characters.
Supported value for the next eight bytes is the network-
order HA IP address in hexadecimal characters.
Supported value for the final four bytes is a timestamp in
network order, indicating when the key was created, and is
the number of seconds since January 1, 1970, UTC.
order FA IP address in hexadecimal characters.
Supported value for the next eight bytes is the network-
order HA IP address in hexadecimal characters.
Supported value for the final four bytes is a timestamp in
network order, indicating when the key was created, and is
the number of seconds since January 1, 1970, UTC.
3GPP2-IKE-Secret
Contains the FA/HA shared secret for
the IKE protocol. This attribute is salt-
encrypted.
the IKE protocol. This attribute is salt-
encrypted.
A binary string of 1 to 127 bytes.
3GPP2-S
Contains the “S” secret parameter
used to make the IKE pre-shared
secret.
used to make the IKE pre-shared
secret.
A binary string of the value of “S” consisting of 1 to 127
characters
characters
3GPP2- S-Lifetime
Contains the lifetime of the “S” secret
parameter used to make the IKE pre-
shared secret.
parameter used to make the IKE pre-
shared secret.
An integer in network order, indicating the time in seconds
since January 1, 1970 00:00 UTC
Note that this is equivalent to the Unix operating system
expression of time.
since January 1, 1970 00:00 UTC
Note that this is equivalent to the Unix operating system
expression of time.