Mobility Management Entity Overview
Features and Functionality - Licensed Enhanced Feature Software ▀
Cisco ASR 5000 Series Product Overview ▄
OL-22938-02
interface identifier for further communication as long as it does not conflict with the MME's interface identifier that the
mobile learned through router advertisement messages from the MME.
Control and configuration of the above is specified as part of the APN configuration on the MME, e.g., IPv6 address
prefix and parameters for the IPv6 router advertisements. RADIUS VSAs may be used to override the APN
configuration.
Following IPv6 EPS Bearer context establishment, the MME can perform either manual or automatic 6to4 tunneling,
according to RFC 3056, Connection of IPv6 Domains Via IPv4 Clouds.
License Keys: IPv6, part numbers 600-00-7521, 600-00-7576
License
600-00-7521, 600-00-7576
IP Security (IPSec)
IP Security provides a mechanism for establishing secure tunnels from mobile subscribers to pre-defined endpoints (i.e.
enterprise or home networks) in accordance with the following standards:
RFC 2401, Security Architecture for the Internet Protocol
RFC 2402, IP Authentication Header (AH)
RFC 2406, IP Encapsulating Security Payload (ESP)
RFC 2409, The Internet Key Exchange (IKE)
RFC-3193, Securing L2TP using IPSEC, November 2001
IP Security (IPSec) is a suite of protocols that interact with one another to provide secure private communications across
IP networks. These protocols allow the system to establish and maintain secure tunnels with peer security gateways.
IPSec can be implemented on the system for the following applications:
PDN Access
: Subscriber IP traffic is routed over an IPSec tunnel from the system to a secure gateway on the packet data
network (PDN) as determined by access control list (ACL) criteria.
Mobile IP
: Mobile IP control signals and subscriber data is encapsulated in IPSec tunnels that are established between
foreign agents (FAs) and home agents (HAs) over the Pi interfaces.
Important:
Once an IPSec tunnel is established between an FA and HA for a particular subscriber, all new
Mobile IP sessions using the same FA and HA are passed over the tunnel regardless of whether or not IPSec is
supported for the new subscriber sessions. Data for existing Mobile IP sessions is unaffected.
L2TP
: L2TP-encapsulated packets are routed from the system to an LNS/secure gateway over an IPSec tunnel.
The following figure shows IPSec configurations.
Summary of Contents for ASR 5000 Series
Page 1: ......
Page 26: ......
Page 48: ...New In Release 10 0 SCM Features Cisco ASR 5000 Series Product Overview OL 22938 02 ...
Page 50: ......
Page 58: ......
Page 68: ......
Page 126: ......
Page 138: ......
Page 146: ......
Page 218: ......
Page 236: ......
Page 356: ......
Page 374: ......
Page 422: ......
Page 496: ......
Page 572: ......
Page 654: ......
Page 700: ......
Page 726: ......
Page 784: ......
Page 816: ......
Page 844: ......
Page 906: ......
Page 926: ......
Page 942: ......
Page 943: ...Cisco ASR 5000 Series Product Overview OL 22938 02 Chapter 30 Technical Specifications ...
Page 966: ......
Page 972: ......