Because the Mobile IP protocol requires message authentication, you must identify the security context using a Security Parameter Index (SPI). You define the security context in the SPI section. You must include a different SPI section for each security context defined. A numerical ID identifies the security context. The Mobile IP protocol reserves the first 256 SPIs. Therefore, you should use only SPI values greater than 256. The SPI section contains security-related information, such as shared secrets and replay protection.
The SPI section contains the ReplayMethod and Key labels and has the following syntax:

    [SPI SPI-identifier]
        ReplayMethod = <none/timestamps>
        Key = key

Two communicating peers must share the same SPI identifier. You must configure them with the same key and replay method. You specify the key as a string of hex digits. The maximum length is 16 bytes. For example, if the key is 16 bytes long, and contains the hex values 0 through f, the key string might look like:

    Key = 0102030405060708090a0b0c0d0e0f10

Keys must have an even number of digits (corresponding to the two digits per byte representation).
The following table describes the labels and values that you can use in the SPI section.
Table 2-4 SPI Section Labels and Values

Label | Value | Description |
---|---|---|
ReplayMethod | none or timestamps | Specifies the type of replay authentication used for the SPI. |
Key | x | Authentication key in hexadecimal. |
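
The rules above (SPI value greater than 256, ReplayMethod of none or timestamps, an even-length hex Key of at most 16 bytes, and matching settings on both peers) can be checked before a configuration is deployed. The following Python sketch is an added example, not part of the original documentation or the Mobile IP software; the function names, the sample sections, and the case-insensitive key comparison are assumptions made for illustration.

```python
import re

SECTION_RE = re.compile(r"^\[SPI\s+(\d+)\]$")

def parse_spi_sections(text):
    """Return {spi_id: {label: value}} for each [SPI n] section in text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = SECTION_RE.match(line)
            # Labels under any non-SPI section are ignored.
            current = sections.setdefault(int(m.group(1)), {}) if m else None
        elif current is not None and "=" in line:
            label, value = (part.strip() for part in line.split("=", 1))
            current[label] = value
    return sections

def check_spi(spi_id, labels):
    """Return the problems found in one SPI section, per the rules stated above."""
    problems = []
    if spi_id <= 256:
        problems.append("SPI value is not greater than 256")
    if labels.get("ReplayMethod") not in ("none", "timestamps"):
        problems.append("ReplayMethod must be none or timestamps")
    key = labels.get("Key", "")
    if not re.fullmatch(r"[0-9a-fA-F]+", key):
        problems.append("Key must be a string of hex digits")
    elif len(key) % 2:
        problems.append("Key has an odd number of hex digits")
    elif len(key) // 2 > 16:
        problems.append("Key is longer than 16 bytes")
    return problems

def peer_mismatches(local, peer):
    """List (spi_id, label) pairs where two peers disagree on a shared SPI."""
    diffs = []
    for spi_id in sorted(set(local) & set(peer)):
        for label in ("ReplayMethod", "Key"):
            a, b = local[spi_id].get(label, ""), peer[spi_id].get(label, "")
            # Assumption: hex digits in Key compare case-insensitively.
            if (a.lower() != b.lower()) if label == "Key" else (a != b):
                diffs.append((spi_id, label))
    return diffs

# Constructed sample sections (not real keys).
LOCAL = "[SPI 257]\n ReplayMethod = timestamps\n Key = 0102030405060708090a0b0c0d0e0f10\n" \
        "[SPI 100]\n ReplayMethod = sometimes\n Key = 0102030\n"
PEER = "[SPI 257]\n ReplayMethod = none\n Key = 0102030405060708090A0B0C0D0E0F10\n"
```

Run `check_spi` on each section returned by `parse_spi_sections`, and run `peer_mismatches` on the parsed sections of both peers; an empty list from either means no problem was found.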