    Configuring the Mobile IP Security Associations for a Mobile Host

    You can use the ip mobile secure host command to configure the security associations for a mobile node.

    Note: If you delete a mobile node host by using the no ip mobile host command, all security associations that you configured for this host are deleted. Configure security associations only for mobile nodes on which local authentication is configured.

    You can use the following keywords to configure the security associations for a mobile node:

    • The nai keyword to specify the NAI for the mobile node. You must choose one of the following formats, where user represents the username and realm represents the domain name: user@realm, @realm, or @.
    • The address keyword followed by the IP address of the mobile node to specify a nonzero home address of the mobile node.
    • The spi keyword followed by a four-octet hexadecimal number to specify the SPI value to authenticate inbound requests and permit authentication for outbound registration requests. The range for the value is 0x100–0xFFFFFFFF.
    • The required key keyword followed by either the hex keyword or the ascii keyword to specify the authentication key for this security association:
      • The hex keyword followed by a 32-character (128-bit) hexadecimal value in the range 0x0–0xFFFFFFFE to specify a hexadecimal key.
      • The ascii keyword followed by an alphanumeric value up to a maximum of 16 characters (128 bits) to specify an ASCII key.
    • The optional replay timestamp within keywords followed by the number of seconds by which a registration request can exceed the time value configured on the Mobile IP home agent. The range for the value is 1–255. The default value is seven seconds.
    • The optional algorithm keyword followed by either the hmac-md5 keyword or the keyed-md5 keyword to specify the type of authentication algorithm for Mobile IP messages.

    To configure the security associations for a mobile node:

    • Issue the ip mobile secure host command in Global Configuration mode.
      host1(config)#ip mobile secure host 200.1.1.1 spi 0x398 key ascii w4ex algorithm keyed-md5 replay timestamp within 225

      or

      host1(config)#ip mobile secure host nai @amazon.net spi 0x100 key ascii pD4En algorithm keyed-md5 replay timestamp within 100

      Use the no version to delete the security associations for the specified host on the virtual router.
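
    The keyword limits listed above can be checked offline before a line is applied. The following Python script is an added example, not vendor code: the audit function, its messages, and the assumption that a hex key is written as 32 bare digits are assumptions of this example, and the third sample line is constructed.

```python
import ipaddress
import re

# Limits taken from the keyword descriptions above.
SPI_MIN, SPI_MAX = 0x100, 0xFFFFFFFF
REPLAY_MIN, REPLAY_MAX = 1, 255
ALGORITHMS = {"hmac-md5", "keyed-md5"}

CMD = re.compile(
    r"ip mobile secure host (?:nai (?P<nai>\S+)|(?P<addr>\S+))"
    r" spi (?P<spi>0x[0-9a-fA-F]+) key (?P<fmt>hex|ascii) (?P<key>\S+)(?P<opts>.*)$")

def audit(line):
    """Return (errors, notes) for one 'ip mobile secure host' line."""
    m = CMD.search(line)
    if not m:
        return ["not a recognised 'ip mobile secure host' command"], []
    errors, notes = [], []
    if m["nai"] and not re.fullmatch(r"[^@\s]+@[^@\s]+|@[^@\s]*", m["nai"]):
        errors.append("NAI must be user@realm, @realm or @")
    if m["addr"]:
        try:
            if int(ipaddress.IPv4Address(m["addr"])) == 0:
                errors.append("home address must be nonzero")
        except ValueError:
            errors.append("home address is not a valid IPv4 address")
    if not SPI_MIN <= int(m["spi"], 16) <= SPI_MAX:
        errors.append("SPI outside 0x100-0xFFFFFFFF")
    key = m["key"]
    if m["fmt"] == "hex":
        # Assumption: the key is written as 32 bare hex digits (no 0x prefix).
        if not re.fullmatch(r"[0-9a-fA-F]{32}", key):
            errors.append("hex key must be 32 hexadecimal characters")
    elif not (key.isascii() and key.isalnum() and len(key) <= 16):
        errors.append("ascii key must be alphanumeric, at most 16 characters")
    elif len(key) < 16:  # the page counts 8 bits per ASCII character
        notes.append(f"ascii key is {len(key) * 8} bits of a possible 128")
    alg = re.search(r"\balgorithm (\S+)", m["opts"])
    if alg and alg[1] not in ALGORITHMS:
        errors.append("algorithm must be hmac-md5 or keyed-md5")
    replay = re.search(r"\breplay timestamp within (\d+)", m["opts"])
    if replay and not REPLAY_MIN <= int(replay[1]) <= REPLAY_MAX:
        errors.append("replay window outside 1-255 seconds")
    return errors, notes

if __name__ == "__main__":
    samples = [  # first two are the page's examples; the third is constructed
        "host1(config)#ip mobile secure host 200.1.1.1 spi 0x398 key ascii w4ex algorithm keyed-md5 replay timestamp within 225",
        "host1(config)#ip mobile secure host nai @amazon.net spi 0x100 key ascii pD4En algorithm keyed-md5 replay timestamp within 100",
        "host1(config)#ip mobile secure host 0.0.0.0 spi 0x50 key ascii abc replay timestamp within 300",
    ]
    for s in samples:
        print(audit(s))
```

    Both of the page's example commands pass the range checks, and the script notes that their ASCII keys are 32 and 40 bits of the 128 bits the key field allows.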

    Published: 2014-08-12