Cisco Systems OL-6918-01 Two-Way Radio User Manual


 
4-26
User Guide for Cisco Home Agent Service Manager
OL-6918-01
Chapter 4 Using Service Manager
Activating Services on HA Devices
Step 7 Perform one of these actions:
- Click Finish to complete the configuration.
  HA SM schedules a new job. A notification message displays the Job ID. After the job completes,
  you can view the details of the job in the Job Details window. See Viewing Job Details, page 4-15,
  for more information on the job details.
- Click Cancel to exit the wizard.
- Click Back to edit the configuration.
Security Associations
All registration messages between an MN and a HA are authenticated in Mobile IP to prevent
denial-of-service and replay attacks. Security associations are used to authenticate the mobile device. A
security association is a collection of security contexts between a pair of nodes, which may be applied
to Mobile IP protocol messages that are exchanged between them. Each context indicates an
authentication algorithm and mode, a secret (a shared key or appropriate public or private key pair), and
a style of replay protection in use.
Message Digest 5 (MD5) is an algorithm that takes the registration message and a secret key and
computes a smaller chunk of data, called a message digest. The MN and HA each have a copy of the
key, called a symmetric key, and authenticate each other by comparing the results of the computation.
The authentication process begins when an MN sends the registration request. The MN adds the time
stamp, computes the message digest, and appends the Mobile-Home Authentication Extension (MHAE)
to the registration request. The HA receives the request, checks if the time stamp is valid, computes the
message digest using the same key, and compares the message digest results. If the results match, the
request is successfully authenticated. For the registration reply, the HA adds the time stamp, computes
the message digest, and appends the MHAE to the registration reply. The MN authenticates the
registration reply upon arrival from the HA.
Replay protection is enabled on the registration packets to protect the network from replay attacks. A
replay attack occurs when an individual records an authentic message that was previously transmitted
and replays it at a later time.
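The registration exchange and time-stamp replay check described above, as an added example that is not part of the Cisco guide or of HA Service Manager. Assumptions: HMAC-MD5 stands in for the keyed MD5 computation, the packet layout is simplified (an 8-byte whole-second time stamp, the body, then an MHAE made of type, length, SPI and a 16-byte digest), and the 7-second window, key, SPI and function names are constructed for illustration.

```python
import hmac
import struct

MHAE_TYPE = 32      # Mobile-Home Authentication Extension type (RFC 3344)
DIGEST_LEN = 16     # MD5 output size in bytes
WINDOW = 7          # accepted clock difference in seconds (assumed value)

def build_request(body: bytes, key: bytes, spi: int, now: int) -> bytes:
    """MN side: add the time stamp, compute the digest, append the MHAE."""
    stamped = struct.pack("!Q", now) + body
    # The extension's type, length and SPI are covered by the digest.
    ext_hdr = struct.pack("!BBI", MHAE_TYPE, 4 + DIGEST_LEN, spi)
    return stamped + ext_hdr + hmac.new(key, stamped + ext_hdr, "md5").digest()

def verify_request(packet: bytes, keys: dict, now: int, last: dict) -> str:
    """HA side: check the time stamp, recompute the digest, compare."""
    if len(packet) < 8 + 6 + DIGEST_LEN:
        return "malformed"
    signed, digest = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
    ext_type, ext_len, spi = struct.unpack("!BBI", signed[-6:])
    if ext_type != MHAE_TYPE or ext_len != 4 + DIGEST_LEN or spi not in keys:
        return "malformed"
    (stamp,) = struct.unpack("!Q", packet[:8])
    if abs(now - stamp) > WINDOW:
        return "stale"                      # recorded earlier, replayed late
    expected = hmac.new(keys[spi], signed, "md5").digest()
    if not hmac.compare_digest(expected, digest):   # constant-time compare
        return "bad-digest"
    if stamp <= last.get(spi, -1):
        return "replay"                     # authentic, but already accepted
    last[spi] = stamp                       # remember only authenticated stamps
    return "ok"

def demo() -> list:
    spi, key = 0x100, b"constructed-shared-key"     # constructed sample values
    keys, last = {spi: key}, {}
    pkt = build_request(b"constructed registration body", key, spi, now=1000)
    tampered = pkt[:10] + b"X" + pkt[11:]           # one body byte changed
    return [
        verify_request(pkt, keys, 1002, last),      # ok
        verify_request(pkt, keys, 1003, last),      # replay
        verify_request(tampered, keys, 1003, last), # bad-digest
        verify_request(pkt, keys, 2000, last),      # stale
    ]

if __name__ == "__main__":
    print(demo())
```

The last-accepted time stamp is updated only after the digest verifies, so an unauthenticated packet cannot advance the replay state for a security association.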
To display a list of security associations for the MN, Home Agent, or Foreign Agent that is configured
in the HA Service Manager:
Step 1 Choose a device group (Choose Service Manager > Select Group). See Selecting an HA Device Group,
page 4-3.
Step 2 Choose HA Service Manager > Service Activation > Security Associations.