The GlobalSecurityParameters section contains the maxClockSkew, HA-FAauth, MN-FAauth, Challenge, and KeyDistribution labels. This section defines the security parameters. The GlobalSecurityParameters section has the following syntax:
[GlobalSecurityParameters] MaxClockSkew = n HA-FAauth = <yes/no> MN-FAauth = <yes/no> Challenge = <yes/no> KeyDistribution = files |
The Mobile IP protocol provides message replay protection by allowing timestamps to be present in the messages. If the clocks differ, the home agent returns an error to the mobile node with the current time and the mobile node can re-register using the current time. You use the MaxClockSkew label to configure the maximum number of seconds that differ between the home agent and the mobile node's clocks. The default value is 300 seconds.
The HA-FAauth and MN-FAauth labels enable or disable the requirement for home-foreign and mobile-foreign authentication, respectively. The default value is disabled. You use the challenge label so that the foreign agent issues challenges to the mobile node in its advertisements. The label is used for replay protection. The default value is disabled here, also.
The following table describes the labels and values that you can use in the GlobalSecurityParameters section.
Table 2–2 GlobalSecurityParameters Section Labels and Values