For Cisco Packet Data Gateway (PDG)
Introduction to IP Security (IPSec)
Overview
IPSec Reference, StarOS Release 17
IPSec Applications
Important:
Support for IPSec features varies per platform, service type and StarOS release. Refer to the gateway
administration guide and StarOS Release Notes for additional information.
IPSec can be implemented via StarOS for the following applications:
PDN Access: Subscriber IP traffic is routed over an IPSec tunnel from the system to a secure gateway on the
packet data network (PDN) as determined by access control list (ACL) criteria. This application can be
implemented for both core network service and HA-based systems. The following figure shows several IPSec
configurations.
Figure 1. IPSec Applications
Mobile IP: Mobile IP (MIP) control signals and subscriber data are encapsulated in IPSec tunnels that are
established between foreign agents (FAs) and home agents (HAs) over the Pi interfaces.
Important:
Once an IPSec tunnel is established between an FA and HA for a particular subscriber, all
new Mobile IP sessions using the same FA and HA are passed over the tunnel regardless of whether or not IPSec
is supported for the new subscriber sessions. Data for existing Mobile IP sessions is unaffected.
L2TP: L2TP-encapsulated packets are routed from the system to an LNS/secure gateway over an IPSec tunnel.
Note that IPSec can be implemented for both attribute-based and compulsory tunneling applications for 3GPP2
services.