Configuring Optional Features on the MME
Configuring Dynamic Node-to-Node IP Security on the S1-MME Interface
Creating and Configuring an IPSec Transform Set
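configure
   context <mme_context_name>
      ipsec transform-set <ipsec_transform-set_name>
         encryption aes-cbc-128
         group none
         hmac sha1-96
         mode tunnel
         end
Note: The algorithm values shown are example settings. `group none` means no Diffie-Hellman exchange is performed when child SAs are rekeyed (no Perfect Forward Secrecy); select a DH group here if the deployment requires PFS and the peer supports it.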
Creating and Configuring an IKEv2 Transform Set
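configure
   context <mme_context_name>
      ikev2-ikesa transform-set <ikev2_transform-set_name>
         encryption aes-cbc-128
         group 2
         hmac sha1-96
         lifetime <sec>
         prf sha1
         end
Note: `group 2` is the 1024-bit MODP Diffie-Hellman group, which RFC 8247 lists as SHOULD NOT for IKEv2, and `hmac sha1-96` / `prf sha1` are SHA-1 based. Treat these as example values and prefer the strongest group and hash that both this release and the peer support.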
Creating and Configuring a Crypto Template
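configure
   context <mme_context_name>
      crypto template <crypto_template_name> ikev2-dynamic
         authentication local pre-shared-key key <text>
         authentication remote pre-shared-key key <text>
         ikev2-ikesa transform-set list <name1> . . . <name6>
         ikev2-ikesa rekey
         payload <name> match childsa match ipv4
            ipsec transform-set list <name1> . . . <name4>
            rekey
            end
Note: With pre-shared-key authentication the key is the only credential that authenticates the IKEv2 peers; use a long, randomly generated value and restrict access to the configuration that contains it.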
Binding the S1-MME IP Address to the Crypto Template
configure
   context <mme_context_name>
      mme-service <mme_svc_name>
         bind s1-mme ipv4-address <address> ipv4-address <address> crypto-template <enodeb_crypto_template>
         end
Configuring ACL-based Node-to-Node IP Security on the S1-MME Interface
Creating and Configuring a Crypto Access Control List
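configure
   context <mme_context_name>
      ip access-list <acl_name>
         permit tcp host <source_host_address> host <dest_host_address>
         end
Note: The crypto ACL determines which packets the crypto map selects for IPSec. The `permit tcp` rule is the guide's example; S1-MME signalling (S1AP) is carried over SCTP, so confirm that the rule's protocol and host addresses match the traffic that is meant to be protected.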
Creating and Configuring an IPSec Transform Set
configure
   context <mme_context_name>
      ipsec transform-set <ipsec_transform-set_name>
         encryption aes-cbc-128
         group none
         hmac sha1-96
         mode tunnel
         end
Creating and Configuring an IKEv2 Transform Set
configure
   context <mme_context_name>
      ikev2-ikesa transform-set <ikev2_transform-set_name>
         encryption aes-cbc-128
         group 2
         hmac sha1-96
         lifetime <sec>
         prf sha1
         end
Creating and Configuring a Crypto Map
configure
   context <mme_context_name>
      crypto map <crypto_map_name> ikev2-ipv4
         match address <acl_name>
         peer <ipv4_address>
         authentication local pre-shared-key key <text>
         authentication remote pre-shared-key key <text>
         payload <name> match ipv4
            lifetime <seconds>
            ipsec transform-set list <name1> . . . <name4>
            exit
         exit
      interface <s1-mme_intf_name>
         ip address <ipv4_address>
         crypto map <crypto_map_name>
         exit
      exit
   port ethernet <slot_number/port_number>
      no shutdown
      bind interface <s1-mme_intf_name> <mme_context_name>
      end
Configuring Optional Features on the eGTP S-GW
Configuring ACL-based Node-to-Node IP Security on the S1-U and S5 Interfaces
Creating and Configuring a Crypto Access Control List
configure
   context <sgw_context_name>
      ip access-list <acl_name>
         permit tcp host <source_host_address> host <dest_host_address>
         end
Creating and Configuring an IPSec Transform Set
configure
   context <sgw_context_name>
      ipsec transform-set <ipsec_transform-set_name>
         encryption aes-cbc-128
         group none
         hmac sha1-96
         mode tunnel
         end
Creating and Configuring an IKEv2 Transform Set
configure
   context <sgw_context_name>
      ikev2-ikesa transform-set <ikev2_transform-set_name>
         encryption aes-cbc-128
         group 2
         hmac sha1-96
         lifetime <sec>
         prf sha1
         end
Creating and Configuring a Crypto Map
configure
   context <sgw_ingress_context_name>
      crypto map <crypto_map_name> ikev2-ipv4
         match address <acl_name>
         peer <ipv4_address>
         authentication local pre-shared-key key <text>
         authentication remote pre-shared-key key <text>
         payload <name> match ipv4
            lifetime <seconds>
            ipsec transform-set list <name1> . . . <name4>
            exit
         exit
      interface <s1-u_intf_name>
         ip address <ipv4_address>
         crypto map <crypto_map_name>
         exit
      exit
   port ethernet <slot_number/port_number>
      no shutdown
      bind interface <s1-u_intf_name> <sgw_ingress_context_name>
      end
configure
   context <sgw_egress_context_name>
      crypto map <crypto_map_name> ikev2-ipv4
         match address <acl_name>
         peer <ipv4_address>
         authentication local pre-shared-key key <text>
         authentication remote pre-shared-key key <text>
         payload <name> match ipv4
            lifetime <seconds>
            ipsec transform-set list <name1> . . . <name4>
            exit
         exit
      interface <s5_intf_name>
         ip address <ipv4_address>
         crypto map <crypto_map_name>
         exit
      exit
   port ethernet <slot_number/port_number>
      no shutdown
      bind interface <s5_intf_name> <sgw_egress_context_name>
      end
Configuring Optional Features on the P-GW
Configuring ACL-based Node-to-Node IP Security on the S5 Interface
Creating and Configuring a Crypto Access Control List
configure
   context <pgw_context_name>
      ip access-list <acl_name>
         permit tcp host <source_host_address> host <dest_host_address>
         end
Creating and Configuring an IPSec Transform Set
configure
   context <pgw_context_name>
      ipsec transform-set <ipsec_transform-set_name>
         encryption aes-cbc-128
         group none
         hmac sha1-96
         mode tunnel
         end
Creating and Configuring an IKEv2 Transform Set
configure
   context <pgw_context_name>
      ikev2-ikesa transform-set <ikev2_transform-set_name>
         encryption aes-cbc-128
         group 2
         hmac sha1-96
         lifetime <sec>
         prf sha1
         end
Creating and Configuring a Crypto Map
configure
   context <pgw_context_name>
      crypto map <crypto_map_name> ikev2-ipv4
         match address <acl_name>
         peer <ipv4_address>
         authentication local pre-shared-key key <text>
         authentication remote pre-shared-key key <text>
         payload <name> match ipv4
            lifetime <seconds>
            ipsec transform-set list <name1> . . . <name4>
            exit
         exit
      interface <s5_intf_name>
         ip address <ipv4_address>
         crypto map <crypto_map_name>
         exit
      exit
   port ethernet <slot_number/port_number>
      no shutdown
      bind interface <s5_intf_name> <pgw_context_name>
      end