Mobile IP Administration Guide

GlobalSecurityParameters Section

The GlobalSecurityParameters section contains the MaxClockSkew, HA-FAauth, MN-FAauth, Challenge, and KeyDistribution labels. This section defines the security parameters. The GlobalSecurityParameters section has the following syntax:


[GlobalSecurityParameters]
     MaxClockSkew = n
     HA-FAauth = <yes/no>
     MN-FAauth = <yes/no>
     Challenge = <yes/no>
     KeyDistribution = files

The Mobile IP protocol provides message replay protection by allowing timestamps to be present in the messages. If the clocks differ, the home agent returns an error to the mobile node with the current time, and the mobile node can re-register using the current time. You use the MaxClockSkew label to configure the maximum number of seconds by which the home agent's and the mobile node's clocks can differ. The default value is 300 seconds.

The HA-FAauth and MN-FAauth labels enable or disable the requirement for home-foreign and mobile-foreign authentication, respectively. The default value is disabled. You use the Challenge label so that the foreign agent issues challenges to the mobile node in its advertisements. The challenges are used for replay protection. The default value for this label is also disabled.

The following table describes the labels and values that you can use in the GlobalSecurityParameters section.

Table 2-2 GlobalSecurityParameters Section Labels and Values

| Label | Value | Description |
|---|---|---|
| MaxClockSkew | n | The number of seconds that mipagent accepts as a difference between its own local time and the time found in registration requests. |
| HA-FAauth | yes or no | Specifies if HA-FA authentication extensions must be present in registration requests and replies. |
| MN-FAauth | yes or no | Specifies if MN-FA authentication extensions must be present in registration requests and replies. |
| Challenge | yes or no | Specifies if the foreign agent includes challenges in its mobility advertisements. |
| KeyDistribution | files | Must be set to files. |
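
The following added example (not part of the original guide or of the mipagent software) audits a GlobalSecurityParameters section against the defaults and constraints described above, reporting which protections are left disabled. The function name `audit`, the `skew_limit` review threshold, and parsing the file with Python's `configparser` are assumptions made for illustration; the sample configuration is constructed.

```python
import configparser

# Labels the guide documents as yes/no switches; all default to disabled.
SWITCHES = {
    "HA-FAauth": "HA-FA authentication extensions not required",
    "MN-FAauth": "MN-FA authentication extensions not required",
    "Challenge": "foreign agent does not include challenges in advertisements",
}

def audit(conf_text, skew_limit=300):
    """Return findings for the section; skew_limit is an assumed review threshold."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep label case: HA-FAauth, not ha-faauth
    cp.read_string(conf_text)
    if not cp.has_section("GlobalSecurityParameters"):
        return ["[GlobalSecurityParameters] section is missing"]
    sec = cp["GlobalSecurityParameters"]
    findings = []
    skew = sec.get("MaxClockSkew", "300")  # guide default: 300 seconds
    if not skew.isdecimal():
        findings.append(f"MaxClockSkew: {skew!r} is not a number of seconds")
    elif int(skew) > skew_limit:
        findings.append(f"MaxClockSkew: {skew}s is above the {skew_limit}s review limit")
    for label, meaning in SWITCHES.items():
        value = sec.get(label, "no")  # absent label falls back to the disabled default
        if value not in ("yes", "no"):
            findings.append(f"{label}: {value!r} is not yes or no")
        elif value == "no":
            findings.append(f"{label}: {meaning}")
    if sec.get("KeyDistribution") != "files":
        findings.append("KeyDistribution: must be set to files")
    return findings

# Constructed sample, not taken from a real host.
SAMPLE = """\
[GlobalSecurityParameters]
MaxClockSkew = 900
HA-FAauth = yes
MN-FAauth = no
KeyDistribution = files
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

For the sample, the audit reports the widened clock skew, the disabled MN-FA requirement, and the Challenge label that is absent and therefore falls back to its disabled default.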