Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring the Mobile IP Security Associations for a Foreign Agent

    You can use the ip mobile secure foreign-agent to configure the security associations for a foreign agent. You can include the IP address of the foreign agent to specify a nonzero address for the foreign agent.

    You can use the following keywords to configure the security associations for a foreign agent:

    • The spi keyword followed by a four-octet hexadecimal number to specify the SPI value to authenticate inbound requests and permit authentication for outbound registration requests. The range for the value is 0x100–0xFFFFFFFF.
    • The required key keyword followed by either the hex keyword or the ascii keyword to specify the authentication key for this security association:
      • The hex keyword followed by a 32-character (128-bit) hexadecimal value in the range 0x0–0xFFFFFFFE to specify a hexadecimal key.
      • The ascii keyword followed by an alphanumeric value up to a maximum of 16 characters (128 bits) to specify an ASCII key.
    • The optional replay timestamp within keywords followed by the number of seconds to specify the number of seconds by which a registration request can exceed the time value configured on the Mobile IP home agent. The range for the value is 1–255. The default value is 7 seconds.
    • The optional algorithm keyword followed by either the hmac-md5 keyword or the keyed-md5 keyword to specify the type of authentication algorithm for Mobile IP messages.

    To configure the security associations for a foreign agent:

    • Issue the ip mobile secure foreign-agent command in Global Configuration mode.
      host1(config)#ip mobile secure foreign-agent 100.1.1.3 spi 256 key ascii secret replay timestamp within 255 algorithm hmac-md5

      Use the no version to delete the security associations for the specified foreign agent on the virtual router.

    Published: 2014-08-12