Cisco Systems 4 Video Gaming Accessories User Manual


Cisco Prime Network 4.0 User Guide
OL-29343-01
Chapter 25 Monitoring Mobile Technologies
LTE Networks
IP Security (IPSec)
Internet Protocol Security (IPSec) is a suite of protocols that interact with one another to provide secure
private communications across IP networks. These protocols allow the system to establish and maintain
secure tunnels with peer security gateways. In accordance with the following standards, IPSec provides
a mechanism for establishing secure channels from mobile subscribers to pre-defined end points (such
as enterprise or home networks):
RFC 2401, Security Architecture for the Internet Protocol
RFC 2402, IP Authentication Header (AH)
RFC 2406, IP Encapsulating Security Payload (ESP)
RFC 2409, The Internet Key Exchange (IKE)
RFC 3193, Securing L2TP using IPSEC, November 2001
IPSec can be implemented for the following applications:
PDN Access: Subscriber IP traffic is routed over an IPSec tunnel from the system to a secure
gateway on the packet data network (PDN) as determined by access control list (ACL) criteria.
Mobile IP: Mobile IP control signals and subscriber data are encapsulated in IPSec tunnels that are
established between foreign agents (FAs) and home agents (HAs) over the Pi interfaces.
IKEv2 and IPSec Encryption
ePDG supports Internet Key Exchange Version 2 (IKEv2) and IP Security Encapsulating Security
Payload (IPSec ESP) encryption over IPv4 transport. The IKEv2 and IPSec encryption takes care of
network domain security for all IP packet-switched networks. It uses cryptographic techniques to
ensure confidentiality, integrity, authentication, and anti-replay protection.
ePDG Security
In Prime Network, the following security services are available for ePDG:
Crypto template—Used to define the IKEv2 and IPSec policies. In other words, it includes IKEv2
and IPSec parameters for keepalive, lifetime, NAT-T and cryptographic and authentication
algorithms.
EAP Profile—Defines the EAP authentication method and associated parameters.
Transform Set—Defines the negotiable algorithms for IKE SAs (Security Associations) and Child
SAs to enable calls to connect to the ePDG.
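As an added example (not part of the Cisco guide or of Prime Network), the following Python code reviews the crypto template and transform set parameters described above against a security baseline. The dictionary keys, algorithm names, lifetime ceilings and sample templates are assumptions constructed for illustration.

```python
# Added example; dict keys and thresholds are assumptions, not Prime Network's schema.
# Baseline of algorithms to flag. DES, MD5 and small MODP groups are
# deprecated for IKEv2 in RFC 8247; NULL gives no confidentiality.
WEAK_ENCRYPTION = {"des", "3des", "null"}
WEAK_INTEGRITY = {"md5", "hmac-md5-96"}
WEAK_DH_GROUPS = {1, 2, 5}
MAX_IKE_LIFETIME_S = 86400    # assumed policy ceiling: 24 hours
MAX_CHILD_LIFETIME_S = 28800  # assumed policy ceiling: 8 hours


def audit_crypto_template(tpl):
    """Return findings (strings) for one crypto template dict."""
    name = tpl.get("name", "<unnamed>")
    findings = []
    for ts in tpl.get("transform_sets", []):
        where = f"{name}/{ts.get('name', '?')}"
        for enc in ts.get("encryption", []):
            if enc.lower() in WEAK_ENCRYPTION:
                findings.append(f"{where}: weak encryption {enc}")
        for alg in ts.get("integrity", []) + ts.get("prf", []):
            if alg.lower() in WEAK_INTEGRITY:
                findings.append(f"{where}: weak integrity/PRF {alg}")
        for grp in ts.get("dh_groups", []):
            if grp in WEAK_DH_GROUPS:
                findings.append(f"{where}: weak DH group {grp}")
    if tpl.get("ike_lifetime_s", 0) > MAX_IKE_LIFETIME_S:
        findings.append(f"{name}: IKE SA lifetime above {MAX_IKE_LIFETIME_S}s")
    if tpl.get("child_lifetime_s", 0) > MAX_CHILD_LIFETIME_S:
        findings.append(f"{name}: Child SA lifetime above {MAX_CHILD_LIFETIME_S}s")
    if not tpl.get("keepalive_s"):
        findings.append(f"{name}: keepalive disabled")
    return findings


# Constructed sample input (not taken from any device).
SAMPLE_TEMPLATES = [
    {"name": "legacy", "ike_lifetime_s": 172800, "child_lifetime_s": 3600,
     "keepalive_s": 0, "transform_sets": [
         {"name": "ts1", "encryption": ["3DES", "AES-CBC-128"],
          "integrity": ["MD5"], "prf": ["SHA1"], "dh_groups": [2, 14]}]},
    {"name": "current", "ike_lifetime_s": 28800, "child_lifetime_s": 3600,
     "keepalive_s": 30, "transform_sets": [
         {"name": "ts1", "encryption": ["AES-CBC-256"],
          "integrity": ["SHA2-256-128"], "prf": ["SHA2-256"], "dh_groups": [14]}]},
]

if __name__ == "__main__":
    for t in SAMPLE_TEMPLATES:
        print(t["name"], audit_crypto_template(t) or "ok")
```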
Viewing the Crypto Template Service Details
To view the Crypto template details:
Step 1 Right-click the required device in Prime Network Vision and choose Inventory.
Step 2 In the logical inventory window, choose Logical Inventory > Context > Security Association >
Crypto Template. The list of crypto templates is displayed in the content pane.
Step 3 In the Crypto Template node, choose the crypto template. The template details are displayed in the
content pane. Figure 25-13 displays the crypto template details.