Table Of Contents
Mobile IP—Challenge/Response Extensions
Contents
Prerequisites for Mobile IP—Challenge/Response Extensions
Restrictions for Mobile IP—Challenge/Response Extensions
Information About Foreign Agent Challenge/Response Extensions
Challenge/Response Extensions
How to Configure Foreign Agent Challenge/Response Extensions
Configuring FA Challenge/Response Extensions
Prerequisites
Verifying Foreign Agent Service Configuration
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance
Command Reference
debug ip mobile advertise
ip mobile foreign-service
show ip mobile traffic
Mobile IP—Challenge/Response Extensions
The Mobile IP—Challenge/Response Extensions feature enables a foreign agent (FA) to authenticate a mobile node (MN) by sending mobile foreign challenge extensions (MFCE) and mobile node-AAA authentication extensions (MNAE) to the home agent (HA) in registration requests.
Feature Specifications for Mobile IP—Challenge/Response Extensions
Feature History
|
|
Release
|
Modification
|
12.2(13)T
|
This feature was introduced.
|
Supported Platforms
|
For platforms supported in Cisco IOS Release 12.2(13)T, consult Cisco Feature Navigator.
|
Determining Platform Support Through Cisco Feature Navigator
Cisco IOS software is packaged in feature sets that are supported on specific platforms. To get updated information regarding platform support for this feature, access Cisco Feature Navigator. Cisco Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.
Cisco Feature Navigator is a web-based tool that enables you to determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or release. Under the release section, you can compare releases side by side to display both the features unique to each software release and the features in common.
To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
http://www.cisco.com/register
Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:
http://www.cisco.com/go/fn
Availability of Cisco IOS Software Images
Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or, if supported, Cisco Feature Navigator.
Contents
•
Prerequisites for Mobile IP—Challenge/Response Extensions
•Restrictions for Mobile IP—Challenge/Response Extensions
•Information About Foreign Agent Challenge/Response Extensions
•How to Configure Foreign Agent Challenge/Response Extensions
•Additional References
•Command Reference
Prerequisites for Mobile IP—Challenge/Response Extensions
In the Mobile IP—Challenge/Response Extensions feature, the foreign agent expects mobile node RRQs to contain the following extensions:
•Mobile node network address identifier
•MHAE
•Mobile node-foreign agent challenge extension
•Mobile node-AAA extension authenticator computed based on a shared secret between the mobile node and the AAA server.
If unique per-user passwords are configured on the AAA and the mobile nodes, and the mobile node or home agent security association is configured on the AAA server, the HA expects mobile node RRQs received from the FA CoA to contain the following:
•MFCE
•Mobile node -AAA extension authenticator
Restrictions for Mobile IP—Challenge/Response Extensions
The Mobile IP—Challenge/Response Extensions feature has the following restrictions:
•Mobile Node Colocated care-of address (CCOA) mode is not supported.
Information About Foreign Agent Challenge/Response Extensions
To configure the Mobile IP—Foreign Agent Challenge/Response feature, you must understand the following concepts:
•Challenge/Response Extensions
Challenge/Response Extensions
Mobile IP, as originally implemented, defines a Mobile-Foreign Authentication extension by which a mobile node can authenticate itself to a foreign agent. This Mobile-Foreign Authentication extension does not provide complete replay protection for the foreign agent and does not allow the foreign agent to use existing methods, such as Challenge Handshake Authentication Protocol (CHAP) to authenticate a mobile node. The Mobile IP—Foreign Agent Challenge/Response Extensions feature extends the Mobile IP agent advertisements and the registration requests that enable a foreign agent to use a challenge/response mechanism to authenticate a mobile node.
When the Mobile IP—Foreign Agent Challenge/Response Extensions feature is configured, the foreign agent expects the mobile node to include a challenge extension with a challenge value that the mobile node had previously advertised. The foreign agent also expects to receive this challenge extension within a specific time interval. The mobile node must also send an extension for authentication (MFAE or MN-AAA.)
How to Configure Foreign Agent Challenge/Response Extensions
This section includes the following procedures:
•Configuring FA Challenge/Response Extensions
•Verifying Foreign Agent Service Configuration
Configuring FA Challenge/Response Extensions
Perform this task to configure a foreign agent to authenticate a mobile node by sending MFCEs and MNAEs in registration requests.
Prerequisites
If unique per-user passwords are configured on the AAA and the mobile nodes, and the mobile node or home agent security association is configured on the AAA server, the HA expects mobile node RRQs received from the FA CoA to contain the following:
•MFCE
•Mobile node -AAA extension authenticator
If the MFCE and MN-AAA extension authenticator are not forwarded to the home agent, the AAA server storing the mobile node/ home agent SAs must have identical passwords for all users to aid SA retrieval.
Note If the Mobile Node is registering in FA-COA mode and the Security Associations (SAs) must be obtained from AAA, the user password must be configured as "cisco".
SUMMARY STEPS
1. enable
2. configure {terminal | memory | network}
3. router mobile
4. ip mobile foreign-agent care-of interface
5. interface type number
6. ip address ip-address mask
7. ip irdp
8. ip irdp holdtime seconds
9. ip irdp maxadvertinterval seconds
10. ip irdp minadvertinterval seconds
11. ip mobile foreign-service challenge {timeout value | window number}
12. ip mobile foreign-service challenge forward-mfce
DETAILED STEPS
| |
Command
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables higher privilege levels, such as privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure {terminal | memory | network}
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
router mobile
Example:
Router(config)# router mobile
|
Enables Mobile IP on the router.
|
Step 4
|
ip mobile foreign-agent care-of interface
Example:
Router(config)# ip mobile foreign-agent care-of
serial0
|
Enables Foreign Agent services when at least one care-of address is configured.
•This is the foreign network termination point of the tunnel between the Foreign Agent and Home Agent. The care-of address is the IP address of the interface. The interface, whether physical or loopback, need not be the same as the visited interface.
|
Step 5
|
interface type number
Example:
Router(config)# interface serial0
|
Configures an interface and enters interface configuration mode.
|
Step 6
|
ip address ip-address mask
Example:
Router(config-if)# ip address 10.1.0.1 255.255.255.255
|
Sets a primary IP address of the interface.
|
Step 7
|
ip irdp
Example:
Router(config-if)# ip irdp
|
Enables IRDP processing on an interface.
|
Step 8
|
ip irdp holdtime seconds
Example:
Router(config-if)# ip irdp holdtime 9000
|
Length of time in seconds that advertisements are held valid.
•Default is three times the maxadvertinterval period. When foreign agent challenge extensions are implemented, this value must be set to 9000 seconds.
|
Step 9
|
ip irdp maxadvertinterval seconds
Example:
Router(config-if)# ip irdp maxadvertinterval 9000
|
(Optional) Specifies the maximum interval in seconds between advertisements.
|
Step 10
|
ip irdp minadvertinterval seconds
Example:
Router(config-if)# ip irdp minadvertinterval 7
|
(Optional) Specifies the minimum interval in seconds between advertisements.
|
Step 11
|
ip mobile foreign-service challenge {timeout value |
window number}
Example:
Router(config-if)# ip mobile foreign-service challenge
timeout 10
|
Enables Foreign Agent service on an interface.
•Configures the challenge timeout value and the number of valid recently sent challenge values.
|
Step 12
|
ip mobile foreign-service challenge
Example:
Router(config-if)# ip mobile foreign-service challenge
forward-mfce
|
Enables the foreign agent to send MFCEs to the home agent in registration requests.
|
Verifying Foreign Agent Service Configuration
Perform this task to optionally verify that the interface has been configured to provide foreign agent services.
SUMMARY STEPS
1. enable
2. show ip mobile globals
3. show ip mobile interface
4. show ip mobile traffic
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables higher privilege levels, such as privileged EXEC mode.
Enter your password if prompted.
|
Step 2
|
show ip mobile globals
Example:
Router# show ip mobile globals
|
(Optional) Displays global information for mobile agents.
|
Step 3
|
show ip mobile interface
Example:
Router# show ip mobile interface
|
(Optional) Displays advertisement information for interfaces that are providing foreign agent service or are home links for mobile nodes.
|
Step 4
|
show ip mobile traffic
Example:
Router# show ip mobile traffic
|
(Optional) Displays protocol counters.
|
Additional References
The following sections provide additional references related to the Mobile IP—Challenge/Response Extensions feature:
•Related Documents
•Standards
•MIBs
•RFCs
•Technical Assistance
Related Documents
Standards
Standards
|
Title
|
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
|
—
|
MIBs
|
|
MIBs Link
|
•RFC2006-MIB
•CISCO-MOBILE-IP-MIB
|
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
|
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://tools.cisco.com/ITDIT/MIBS/servlet/index
If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
http://www.cisco.com/register
RFCs
|
|
Title
|
RFC 2002
|
IP Mobility Support
|
RFC 2003
|
IP Encapsulation within IP
|
RFC 2005
|
Applicability Statement for IP Mobility Support
|
RFC 2006
|
The Definitions of Managed Objects for IP Mobility Support
|
RFC 3024
|
Reverse Tunneling for Mobile IP, revised
|
Technical Assistance
Description
|
Link
|
Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, tools, and lots more. Registered Cisco.com users can log in from this page to access even more content.
|
http://www.cisco.com/public/support/tac/home.shtml
|
Command Reference
This section documents modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications.
•debug ip mobile advertise
•ip mobile foreign-service
•show ip mobile traffic
debug ip mobile advertise
To display advertisement information, use the debug ip mobile advertise command in privileged EXEC mode.
debug ip mobile advertise
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
Release
|
Modification
|
12.0(1)T
|
This command was introduced.
|
12.2(13)T
|
This command was enhanced to display information about Mobile IP challenge/response extensions.
|
Examples
The following is sample output from the debug ip mobile advertise command:
Router# debug ip mobile advertise
MobileIP: Agent advertisement sent out Ethernet1/2: type=16, len=10, seq=1,
lifetime=36000,
flags=0x1400(rbhFmGv-rsv-),
Care-of address: 68.0.0.31
Prefix Length ext: len=1 (8 )
FA Challenge value:769C808D
Table 1 describes the significant fields shown in the display.
Table 1 debug ip mobile advertise Field Descriptions
Field
|
Description
|
type
|
Type of advertisement.
|
len
|
Length of extension (in bytes).
|
seq
|
Sequence number of this advertisement.
|
lifetime
|
Lifetime (in seconds).
|
flags
|
Capital letters represent bits that are set; lowercase letters represent unset bits.
|
Care-of address
|
IP address.
|
Prefix Length ext
|
Number of prefix lengths advertised. This is the bits in the mask of the interface sending this advertisement. Used for roaming detection.
|
FA Challenge value
|
Foreign Agent challenge value (randomly generated by the foreign agent.)
|
ip mobile foreign-service
To enable foreign agent service on an interface if care-of addresses are configured, use the ip mobile foreign-service command in interface configuration mode. To disable this service, use the no form of this command.
ip mobile foreign-service [home-access access-list] [limit number] [registration-required]
[challenge {timeout value | window number | forward-mfce}] [reverse-tunnel [mandatory]]
no ip mobile foreign-service [home-access access-list] [limit number] [registration-required]
[challenge {timeout value | window number | forward-mfce}] [reverse-tunnel [mandatory]]
Syntax Description
home-access access-list
|
(Optional) Controls which home agent addresses mobile nodes can be used to register. The access list can be a string or number from 1 to 99. For releases prior to 12.3T, you cannot use this keyword when you enable foreign agent service on a subinterface.
|
limit number
|
(Optional) Number of visitors allowed on the interface. The Busy (B) bit will be advertised when the number of registered visitors reaches this limit. For releases prior to 12.3T, you cannot use this keyword when you enable foreign agent service on a subinterface.
|
registration-required
|
(Optional) Solicits registration from the mobile node even if it uses colocated care-of addresses. The Registration-required (R) bit will be advertised. For releases prior to 12.3T, you cannot use this keyword when you enable foreign agent service on a subinterface.
|
challenge
|
(Optional) Configures the foreign agent challenge parameters. For releases prior to 12.3T, you cannot use this keyword when you enable foreign agent service on a subinterface.
|
timeout value
|
(Optional) Challenge timeout in seconds. Possible values are from 1 to 10.
|
window number
|
(Optional) Maximum number of valid challenge values to maintain. Possible values are from 1 to 10. The default is 2.
|
forward-mfce
|
(Optional) Enables the foreign agent to forward mobile foreign challenge extensions (MFCEs) and mobile station-AAA to the home agent.
|
reverse-tunnel [mandatory]
|
(Optional) Enables reverse tunneling on the foreign agent. For releases prior to 12.3T, you cannot use this keyword when you enable foreign agent service on a subinterface.
|
Defaults
Foreign agent service is not enabled.
There is no limit to the number of visitors allowed on an interface.
window number: 2
Foreign agent reverse tunneling is not enabled. When foreign agent reverse tunneling is enabled, it is not mandatory by default.
Command Modes
Interface configuration
Command History
Release
|
Modification
|
12.0(1)T
|
This command was introduced.
|
12.1(3)XS
|
The challenge keyword and associated parameters were added.
|
12.2(2)XC
|
The reverse-tunnel keyword was added.
|
12.2(13)T
|
The challenge keyword and the reverse-tunnel keywords were integrated into Cisco IOS Release 12.2(13)T.
|
Usage Guidelines
This command enables foreign agent service on an interface. The foreign agent (F) bit will be set in the agent advertisement, which is appended to the ICMP Router Discovery Protocol (IRDP) router advertisement whenever the foreign agent or home agent service is enabled on the interface.
Note The Registration-required bit tells the visiting mobile node to register if the visiting mobile node is using a colocated care-of address. You must set up packet filters to enforce this behavior. For example, you could deny packets destined for port 434 from the interface of this foreign agent.
When you use the reverse-tunnel keyword to enable foreign agent reverse tunneling on an interface, the reverse tunneling support (T) bit is set in the agent advertisement.
Table 2 lists the foreign agent advertisement bitflags.
Table 2 Foreign Agent Advertisement Bitflags
Bit Set
|
Service Advertisement
|
T
|
Set if the reverse-tunnel parameter is enabled.
|
R
|
Set if the registration-required parameter is enabled.
|
B
|
Set if the number of visitors reached the limit parameter.
|
H
|
Set if the interface is the home link to the mobile host (group).
|
F
|
Set if foreign agent service is enabled.
|
M
|
Never set.
|
G
|
Always set.
|
V
|
Never set.
|
reserved
|
Never set.
|
Examples
The following example shows how to enable foreign agent service for up to 100 visitors:
ip mobile foreign-service limit 100 registration-required
The following example shows how to enable foreign agent reverse tunneling:
ip mobile foreign-service reverse-tunnel
The following example shows how to configure foreign agent challenge parameters:
ip mobile foreign-service challenge window 2
Related Commands
Command
|
Description
|
show ip mobile interface
|
Displays advertisement information for interfaces that are providing foreign agent service or are home links for mobile nodes.
|
show ip mobile traffic
To display protocol counters, use the show ip mobile traffic command in EXEC mode.
show ip mobile traffic
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
Release
|
Modification
|
12.0(1)T
|
This command was introduced.
|
12.2(13)T
|
This command was enhanced to display information about foreign agent reverse tunnels and foreign agent challenge/response extensions.
|
Usage Guidelines
Counters can be reset to zero using the clear ip mobile traffic command, which also allows you to undo the reset.
Examples
The following is sample output from the show ip mobile traffic command:
Router# show ip mobile traffic
Advertisements sent 0, response to solicitation 0
Home Agent Registrations:
Register 0, Deregister 0 requests
Register 0, Deregister 0 replied
Accepted 0, No simultaneous bindings 0
Unspecified 0, Unknown HA 0
Administrative prohibited 0, No resource 0
Authentication failed MN 0, FA 0
Bad identification 0, Bad request form 0
Unavailable encap 0, reverse tunnel 0
Reverse tunnel mandatory 0
Binding updates received 0, sent 0 total 0 fail 0
Binding update acks received 0, sent 0
Binding info request received 0, sent 0 total 0 fail 0
Binding info reply received 0 drop 0, sent 0 total 0 fail 0
Binding info reply acks received 0 drop 0, sent 0
Gratuitous 0, Proxy 0 ARPs sent
Foreign Agent Registrations:
Forwarded 0, Denied 0, Ignored 0
Unspecified 0, HA unreachable 0
Administrative prohibited 0, No resource 0
Bad lifetime 0, Bad request form 0
Unavailable encapsulation 0, Compression 0
Unavailable reverse tunnel 0
Reverse tunnel mandatory 0
Forwarded 0, Bad 0, Ignored 0
Authentication failed MN 0, HA 0
Received challenge/gen. authentication extension, feature not enabled 0
Route Optimization Binding Updates received 0, acks sent 0 neg acks sent 0
Unknown challenge 1, Missing challenge 0, Stale challenge 0
Table 3 describes the significant fields shown in the display.
Table 3 show ip mobile traffic Field Descriptions
Field
|
Description
|
Solicitations received
|
Total number of solicitations received by the mobility agent.
|
Advertisements sent
|
Total number of advertisements sent by the mobility agent.
|
response to solicitation
|
Total number of advertisements sent by the mobility agent in response to mobile node solicitations.
|
Home Agent
|
|
Register requests
|
Total number of Registration Requests received by the home agent.
|
Deregister requests
|
Total number of Registration Requests received by the home agent with a lifetime of zero (requests to deregister).
|
Register replied
|
Total number of Registration Replies sent by the home agent.
|
Deregister replied
|
Total number of Registration Replies sent by the home agent in response to requests to deregister.
|
Accepted
|
Total number of Registration Requests accepted by the home agent (Code 0).
|
No simultaneous bindings
|
Total number of Registration Requests accepted by the home agent—simultaneous mobility bindings unsupported (Code 1).
|
Denied
|
Total number of Registration Requests denied by the home agent.
|
Ignored
|
Total number of Registration Requests ignored by the home agent.
|
Unspecified
|
Total number of Registration Requests denied by the home agent—reason unspecified (Code 128).
|
Unknown HA
|
Total number of Registration Requests denied by the home agent—unknown home agent address (Code 136).
|
Administrative prohibited
|
Total number of Registration Requests denied by the home agent—administratively prohibited (Code 129).
|
No resource
|
Total number of Registration Requests denied by the home agent—insufficient resources (Code 130).
|
Authentication failed MN
|
Total number of Registration Requests denied by the home agent—mobile node failed authentication (Code 131).
|
Authentication failed FA
|
Total number of Registration Requests denied by the home agent—foreign agent failed authentication (Code 132).
|
Bad identification
|
Total number of Registration Requests denied by the home agent—identification mismatch (Code 133).
|
Bad request form
|
Total number of Registration Requests denied by the home agent—poorly formed request (Code 134).
|
Unavailable encap
|
Total number of Registration Requests denied by the home agent—unavailable encapsulation (Code 139).
|
Reverse tunnel mandatory
|
Total number of Registration Requests denied by the home agent—reverse tunnel is mandatory and the "T" bit is not set (Code 138).
|
Unavailable reverse tunnel
|
Total number of Registration Requests denied by the home agent—reverse tunnel unavailable (Code 137).
|
Binding updates
|
A Mobile IP standby message sent from the active router to the standby router when a registration request comes into the active router.
|
Binding update acks
|
A Mobile IP standby message sent from the standby router to the active router to acknowledge the reception of a binding update.
|
Binding info request
|
A Mobile IP standby message sent from a router coming up from reboot or a down interface. The message is a request to the current active router to send the entire Mobile IP binding table.
|
Binding info reply
|
A reply from the active router to the standby router that has part or all of the binding table (depending on size).
|
Binding info reply acks
|
An acknowledge message from the standby router to the active router that it has received the binding information reply.
|
Gratuitous ARP
|
Total number of gratuitous Address Resolution Protocol (ARP) messages sent by the home agent on behalf of mobile nodes.
|
Proxy ARPs sent
|
Total number of proxy ARP messages sent by the home agent on behalf of mobile nodes.
|
Foreign Agent
|
|
Request in
|
Total number of Registration Requests received by the foreign agent.
|
Forwarded
|
Total number of Registration Requests relayed to the home agent by the foreign agent.
|
Denied
|
Total number of Registration Requests denied by the foreign agent.
|
Ignored
|
Total number of Registration Requests ignored by the foreign agent.
|
Unspecified
|
Total number of Registration Requests denied by the foreign agent—reason unspecified (Code 64).
|
HA unreachable
|
Total number of Registration Requests denied by the foreign agent—home agent unreachable (Codes 80-95).
|
Administrative prohibited
|
Total number of Registration Requests denied by the foreign agent—administratively prohibited (Code 65).
|
No resource
|
Total number of Registration Requests denied by the home agent—insufficient resources (Code 66).
|
Bad lifetime
|
Total number of Registration Requests denied by the foreign agent—requested lifetime too long (Code 69).
|
Bad request form
|
Total number of Registration Requests denied by the home agent—poorly formed request (Code 70).
|
Unavailable encapsulation
|
Total number of Registration Requests denied by the home agent—unavailable encapsulation (Code 72).
|
Unavailable compression
|
Total number of Registration Requests denied by the foreign agent—requested Van Jacobson header compression unavailable (Code 73).
|
Unavailable reverse tunnel
|
Total number of Registration Requests denied by the home agent—reverse tunnel unavailable (Code 74).
|
Reverse tunnel mandatory
|
Total number of Registration Requests denied by the foreign agent—reverse tunnel is mandatory and the "T" bit is not set (Code 75).
|
Replies in
|
Total number of well-formed Registration Replies received by the foreign agent.
|
Forwarded
|
Total number of valid Registration Replies relayed to the mobile node by the foreign agent.
|
Bad
|
Total number of Registration Replies denied by the foreign agent—poorly formed reply (Code 71).
|
Ignored
|
Total number of Registration Replies ignored by the foreign agent.
|
Authentication failed MN
|
Total number of Registration Requests denied by the home agent—mobile node failed authentication (Code 67).
|
Authentication failed HA
|
Total number of Registration Replies denied by the foreign agent—home agent failed authentication (Code 68).
|
Received challenge/gen. authentication extension, feature not enabled
|
Total number of Registration Requests dropped by the foreign agent—received challenge/generalized-authentication extension in registration request but Mobile IP foreign agent challenge/response extensions is not enabled.
|
Unknown challenge
|
Total number of Registration Requests denied by the foreign agent—unknown challenge (Code 104).
|
Missing Challenge
|
Total number of Registration Requests denied by the foreign agent—missing challenge (Code 105).
|
Stale Challenge
|
Total number of Registration Requests denied by the foreign agent—stale challenge (Code 106).
|
