ip mobile secure host

Syntax

ip mobile secure host { nai { user@realm | @realm | @ } | ipAddress } spi spi
key { hex hexKeyVal | ascii asciiKeyVal } [ replay timestamp within seconds ]
[ algorithm { hmac-md5 | keyed-md5 } ]

no ip mobile secure host { nai { user@realm | @realm } | ipAddress } spi spi
key { hex hexKeyVal | ascii asciiKeyVal }

Release Information

Command introduced in JUNOSe Release 9.0.0.

Description

Configures the security associations for a mobile node. You can configure the security associations for a mobile node only after configuring a corresponding host configuration for the mobile node, and only if you have not configured the AAA service on the virtual router. You can specify the interval within which a registration request can exceed the home agent configured time value by specifying the replay timestamp within keyword. The no version deletes the security associations for the specified host on the virtual router.

Note: If you delete a mobile node host by using the no ip mobile host command, all security associations that you configured for this host are deleted.

Options

• user@realm—Name of the user for the mobile node specification when the nai keyword is specified, in the format user@realm, where realm is the domain name
• @realm—Name of the user for the mobile node specification when the nai keyword is specified, in the format @realm, where realm is the domain name
• @—Name of the user for the mobile node specification when the nai keyword is specified, in the format @
• ip Address—IP address of the foreign agent
• spi—Security parameter index (SPI) value, a specific 4-octet hexadecimal number, in the range 0x100–0xFFFFFFFF, that authenticates inbound requests and permits authentication for outbound registration requests
• hexKeyVal—128-bit hexadecimal number, in the range 0x0–0xFFFFFFFE, that specifies the authentication key for a specific security association
• asciiKeyVal—128-bit alphanumeric value, up to a maximum of 16 characters, that specifies the authentication key for a specific security association
• seconds—Number of seconds, in the range 1–255, by which a registration request can exceed the home agent configured time value; default value is 7 seconds
• hmac-md5—Specifies the authentication algorithm for Mobile IP messages, default value is hmac-md5
• keyed-md5—Specifies the authentication algorithm for Mobile IP messages

Global Configuration

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.