Manual
Cisco Packet Data Serving Node (PDSN) Release 2.0
Configuration Tasks
59
12.3(11)T
Configuring IS835-B IPSec for the Cisco PDSN
To configure IS835-B IPSec for the PDSN, use the following commands in global configuration mode:
Here is an example configuration for the IS835-B based IPSecfeature:
Router(config)#crypto isakmp policy 1
authentication pre-share
Router(config)#crypto isakmp key cisco address 7.0.0.2
Router(config)#crypto ipsec transform-set mobile-set1 esp-3des
Router(config)#crypto ipsec profile testprof
set transform-set mobile-set1
Router(config)#crypto identity pdsntest
Router(config)#ip mobile cdma ipsec
Router(config)# ip mobile cdma ipsec profile testprof
Router(config)#ip mobile foreign-agent reg-wait 30
Configuring Proxy Mobile IP Attributes Locally
As an alternative to true Mobile IP, which is not supported by all mobile devices, you can configure the
Cisco PDSN to provide many of the benefits of Mobile IP through the use of proxy Mobile IP. All proxy
Mobile IP attributes can be retrieved from the AAA server. To configure proxy Mobile IP attributes
locally, use the following command in global configuration mode:
Command Purpose
Router(config)# Router(config)# ip mobile cdma ipsec
Enables or disables the CDMA IPSec feature.
This is only present in crypto images for the Cisco
7200 Series Internet router, and non-crypto
images for the Cisco MWAM.
The Crypto Map definition is not complete until:
1. ACL associated with it is defined, and
2. The Crypto-Map applied on Interface. You
can configure Crypto MAP for different HAs
by using a different sequence number for
each HA in one crypto-map set.
Router(config)# ip mobile cdma ipsec profile profile-tag
Converts Crypto Map into a template tha can be
used to setup an identical policy dynamically.
This command is only present in crypto images
for the Cisco 7200 Series Internet router.
It is assumed that crypto-profile has been created
earlier. Basically, crypto-map has been marked as
profile by the crypto map Tag_1 Seq_No
ipsec-isakmp profile Tag_2 command. In this
command Tag_2 is profile name, and this will be
entered using this CLI.
Command Purpose
Router(config)# ip mobile proxy-host nai username@realm
[flags rrq-flags] [ha homeagent] [homeaddr address]
[lifetime value] [local-timezone]
Specifies proxy Mobile IP attributes locally on the
PDSN.