PDG/TTG Overview
▀ Features and Functionality
▄ Cisco ASR 5000 Series Product Overview
OL-22938-02
Configure the name of the crypto template for IKEv2/IPSec:
A crypto template is used to define an
IKEv2/IPSec policy. It includes IKEv2 and IPSec parameters for keepalive, lifetime, NAT-T, and
cryptographic and authentication algorithms. There must be one crypto template per PDG service.
The name of the EAP profile:
The EAP profile defines the EAP authentication method and associated
parameters.
Multiple authentication support:
Multiple authentication is specified as a part of crypto template
configuration.
IKEv2 and IPSec transform sets:
Transform set defines the negotiable algorithms for IKE SAs and Child SAs
to enable calls to connect to the PDG/TTG.
The setup timeout value:
This parameter specifies the session setup timeout timer value. The PDG/TTG
terminates a UE connection attempt if the UE does not establish a successful connection within the specified
timeout period.
Max-sessions:
This parameter sets the maximum number of subscriber sessions allowed by this PDG service.
TTG Mode
The TTG mode of operation uses IKEv2/IPsec tunnels to deliver packet data services over untrusted WLANs with
connectivity to the Internet or managed networks.
In TTG mode, the system terminates an IPSec tunnel for each WLAN UE subscriber session established over the Wu
reference point. The TTG also establishes a corresponding GTP tunnel over the Gn' reference point to the GGSN. The
TTG and a subset of GGSN functions work together to provide PDG functionality to the WLAN UEs. In this
configuration, the GGSN sees the TTG as an SGSN, and no additional changes are required at the GGSN to support this
functionality.
IKEv2 and IP Security (IPSec) Encryption
The PDG/TTG supports IKEv2 and IPSec encryption using IPv4 addressing. IKEv2 and IPSec encryption enables
network domain security for all IP packet-switched networks in order to provide confidentiality, integrity,
authentication, and anti-replay protection. These capabilities are insured through use of cryptographic techniques.
IKEv2 and IP Security (IPSec) encryption includes the following options:
IKEv2 encryption protocols:
AES-CBC with 128 bits, AES-CBC with 256 bits, 3DES-CBC, and DES-CBC
IKEv2 pseudo-random functions:
PRF-HMAC-SHA1, PRF-HMAC-MD5
IKEv2 integrity:
HMAC-SHA1-96, HMAC-MD5
IKEv2 Diffie-Hellman groups:
1, 2, 5, and 14
IPSec ESP (Encapsulating Security Payload) encryption:
AES-CBC with 128 bits, AES-CBC with 256 bits,
3DES-CBC, and DES-CBC
IPSec integrity:
HMAC-SHA1-96, HMAC-MD5
IKEv2 and IPSec rekeying
Summary of Contents for ASR 5000 Series
Page 1: ......
Page 26: ......
Page 48: ...New In Release 10 0 SCM Features Cisco ASR 5000 Series Product Overview OL 22938 02 ...
Page 50: ......
Page 58: ......
Page 68: ......
Page 126: ......
Page 138: ......
Page 146: ......
Page 218: ......
Page 236: ......
Page 356: ......
Page 374: ......
Page 422: ......
Page 496: ......
Page 572: ......
Page 654: ......
Page 700: ......
Page 726: ......
Page 784: ......
Page 816: ......
Page 844: ......
Page 906: ......
Page 926: ......
Page 942: ......
Page 943: ...Cisco ASR 5000 Series Product Overview OL 22938 02 Chapter 30 Technical Specifications ...
Page 966: ......
Page 972: ......