Configuring IPSec Support for PDN Access - Cisco ASR 5000 Series 3G Home NodeB Administration Manual

Implementing IPSec for PDN Access Applications

Step  Description

1. A subscriber session or PDP context Request, in GGSN service, arrives at the system.
2. The system processes the subscriber session or request as it would typically.
3. Prior to routing the session packets, the system compares them against configured Access Control Lists (ACLs).
4. The system determines that the packet matches the criteria of an ACL that is associated with a configured crypto map.
5. From the crypto map, the system determines the following:
   - The map type, in this case ISAKMP
   - The pre-shared key used to initiate the Internet Key Exchange (IKE) and the IKE negotiation mode
   - The IP address of the security gateway
   - Whether perfect forward secrecy (PFS) should be enabled for the IPSec SA and if so, what group should be used
   - IPSec SA lifetime parameters
   - The name of a configured transform set defining the IPSec SA
6. To initiate the IKE SA negotiation, the system performs a Diffie-Hellman exchange of the pre-shared key specified in the crypto map with the specified peer security gateway.
7. The system and the security gateway negotiate an ISAKMP policy (IKE SA) to use to protect further communications.
8. Once the IKE SA has been negotiated, the system negotiates an IPSec SA with the security gateway using the transform method specified in the transform sets.
9. Once the IPSec SA has been negotiated, the system protects the data according to the IPSec SAs established during step 8 and sends it over the IPSec tunnel.
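
Steps 3 to 5 above, modelled as an added Python example (not taken from the Cisco guide, and not StarOS CLI or code): a packet is compared against the ACL tied to each crypto map, and the matching map's parameters are reviewed before use. All class, field and map names and the addresses are hypothetical, first-match ordering is an assumption, and the two audit checks reflect general IKEv1 behaviour rather than anything this guide states.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class AclRule:
    """One permit rule of an IP ACL, reduced to source/destination networks."""
    src: str
    dst: str

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst))

@dataclass(frozen=True)
class CryptoMap:
    """The items step 5 reads from a crypto map (the pre-shared key is left out)."""
    name: str
    map_type: str               # "isakmp" for the flow described above
    ike_mode: str               # IKE negotiation mode: "main" or "aggressive"
    peer_gateway: str           # IP address of the security gateway
    pfs_group: Optional[int]    # None means PFS is disabled
    sa_lifetime_s: int          # IPSec SA lifetime in seconds
    transform_set: str          # name of the transform set for the IPSec SA
    acl: tuple                  # AclRule entries associated with this map

def select_crypto_map(maps, src_ip, dst_ip):
    """Steps 3-4: return the first map whose ACL matches, or None.

    None means the packet is routed without this IPSec protection."""
    for cmap in maps:
        if any(rule.matches(src_ip, dst_ip) for rule in cmap.acl):
            return cmap
    return None

def audit(cmap):
    """Review the step-5 parameters and return a list of findings."""
    findings = []
    if cmap.pfs_group is None:
        findings.append("PFS disabled: IPSec SA keys derive from IKE SA keying material")
    if cmap.ike_mode == "aggressive":
        findings.append("aggressive mode with a pre-shared key allows offline key guessing")
    return findings

# Constructed sample data using documentation address ranges.
MAPS = [CryptoMap("pdn-corp", "isakmp", "aggressive", "192.0.2.1", None, 28800,
                  "tset-aes", (AclRule("10.10.0.0/16", "198.51.100.0/24"),))]
```

A `None` result from `select_crypto_map` is the case to test for when writing the ACLs in Step 1 of the configuration procedure: traffic the ACL does not cover never reaches the tunnel.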

Configuring IPSec Support for PDN Access

This section provides a list of the steps required to configure IPSec functionality on the system in support of PDN
access. Each step listed refers to a different section containing the specific instructions for completing the required
procedure.
Important: These instructions assume that the system was previously configured to support subscriber data sessions either as a core service or an HA. In addition, parameters configured using this procedure must be configured in the same destination context on the system.

Step 1
Configure one or more IP access control lists (ACLs) according to the information and instructions located in the IP Access Control Lists chapter of this guide.
Step 2
Configure one or more transform sets according to the instructions located in the Transform Set Configuration section of this chapter.
Step 3
Configure one or more ISAKMP policies according to the instructions located in the ISAKMP Policy Configuration section of this chapter.

IP Security | Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide | OL-25069-03
