IP Security
Overview
IP Security (IPSec) is a suite of protocols that interact with one another to provide secure private communications across
IP networks. These protocols allow the system to establish and maintain secure tunnels with peer security gateways.
IPSec can be implemented on the system for the following applications:
PDN Access: Subscriber IP traffic is routed over an IPSec tunnel from the system to a secure gateway on the
packet data network (PDN) as determined by access control list (ACL) criteria. This application can be
implemented for both core network service and HA-based systems. The following figure shows IPSec
configurations.
Figure 10. IPSec Applications
PDN Access
Application
Core service
or HA
Mobile IP
Application
Core
service/FA
L2TP
Application
Core service/LAC
HA/LAC
Mobile IP: Mobile IP control signals and subscriber data is encapsulated in IPSec tunnels that are established
between foreign agents (FAs) and home agents (HAs) over the Pi interfaces.
L2TP: L2TP-encapsulated packets are routed from the system to an LNS/secure gateway over an IPSec tunnel.
OL-25069-03
IPSec Tunnel
IPSec Tunnel
IPSec Tunnel
Important:
Once an IPSec tunnel is established between an FA and HA for a particular
subscriber, all new Mobile IP sessions using the same FA and HA are passed over the tunnel
regardless of whether or not IPSec is supported for the new subscriber sessions. Data for existing
Mobile IP sessions is unaffected.
Packet Data Network
Security
Gateway
HA
LNS/Security
Gateway
Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide ▄
Overview ▀
131