Mobile IP Administration Guide

GlobalSecurityParameters Section

The GlobalSecurityParameters section contains the maxClockSkew, HA-FAauth, MN-FAauth, Challenge, and KeyDistribution labels. This section defines the security parameters. The GlobalSecurityParameters section has the following syntax:

     MaxClockSkew = n
     HA-FAauth = <yes/no>
     MN-FAauth = <yes/no>
     Challenge = <yes/no>
     KeyDistribution = files

The Mobile IP protocol provides message replay protection by allowing timestamps to be present in the messages. If the clocks differ, the home agent returns an error to the mobile node with the current time and the mobile node can re-register using the current time. You use the MaxClockSkew label to configure the maximum number of seconds that differ between the home agent and the mobile node's clocks. The default value is 300 seconds.

The HA-FAauth and MN-FAauth labels enable or disable the requirement for home-foreign and mobile-foreign authentication, respectively. The default value is disabled. You use the challenge label so that the foreign agent issues challenges to the mobile node in its advertisements. The label is used for replay protection. The default value is disabled here, also.

The following table describes the labels and values that you can use in the GlobalSecurityParameters section.

Table 2-2 GlobalSecurityParameters Section Labels and Values






The number of seconds that mipagent accepts as a difference between its own local time and the time found in registration requests. 


yes or no

Specifies if HA-FA authentication extensions must be present in registration requests and replies. 


yes or no

Specifies if MN-FA authentication extensions must be present in registration requests and replies. 


yes or no

Specifies if the foreign agent includes challenges in its mobility advertisements. 



Must be set to files.