1. Manuals
  2. Brands
  3. Cisco Manuals
  4. Gateway
  5. ASR 5000 Series 3G Home NodeB
  6. Administration manual

Fa Services Configuration To Support Ipsec; Modifying Fa Service To Support Ipsec - Cisco ASR 5000 Series 3G Home NodeB Administration Manual

3g home nodeb gateway
Hide thumbs
Table of Contents

Advertisement

▀ FA Services Configuration to Support IPSec

FA Services Configuration to Support IPSec
This section provides instructions for configuring FA services to support IPSec.
These instructions assume that the FA service was previously configured and system is ready to serve as an FA.
Important:
the system. For more information on commands that configure additional parameters and options, refer to the Command
Line Interface Reference.
To configure the FA service to support IPSec:
Step 1
Modify FA service configuration by following the steps in the
Step 2
Verify your FA service configuration by following the steps in the
section.
Step 3
Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode
command
save configuration
System Administration Guide and the Command Line Interface Reference.

Modifying FA service to Support IPSec

Use the following example to modify FA service to support IPSec on your system:
configure
context <ctxt_name>
fa-service <fa_svc_name>
isakmp peer-ha <ha_address> crypto-map <map_name> [ secret <preshared_secret> ]
isakmp default crypto-map <map_name> [ secret <preshared_secret> ]
end
Notes:
 <
ctxt_name
 <
fa_svc_name
 <
ha_address
 <
map_name
 A default crypto map for the FA service to be used in the event that the AAA server returns an HA address that
is not configured as an ISAKMP peer HA.
 For maximum security, the default crypto map should be configured in addition to peer-ha crypto maps instead
of being used to provide IPSec SAs to all HAs. Note that once an IPSec tunnel is established between the FA
and HA for a particular subscriber, all new Mobile IP sessions using the same FA and HA are passed over the
▄ Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide
166
This section provides the minimum instruction set for configuring an FA service to support IPSec on
. For additional information on how to verify and save configuration files, refer to the
> is the system context in which the FA service is configured to support IPSec.
> is name of the FA service for which you are configuring IPSec.
> is IP address of the HA service to which FA service will communicate on IPSec.
> is name of the preconfigured ISAKMP or a manual crypto map.
Modifying FA service to Support IPSec
Verifying the FA Service Configuration with IPSec
IP Security
section
OL-25069-03

Advertisement

Table of Contents
loading

Related Manuals for Cisco ASR 5000 Series 3G Home NodeB

Related Content for Cisco ASR 5000 Series 3G Home NodeB

This manual is also suitable for:

Asr 5000 series

Table of Contents