Internet Protocol Security (IPSec) is used to protect traffic between two peers by authenticating the sender, ensuring the integrity of the packets, and encrypting packets that are sent to a peer. A peer is any device that has IPSec capability: a Security Gateway, Home Agent or Network Host, for example, are all considered peers. Two peers negotiate one or more Security Agreements (SA) comprised of keys that allow the peers to tunnel traffic over IPv4 or IPv6.
IPSec capability is provided with the Mobile IP and L2TP Secure VPN Gateway applications, and the optional Dynamic IPSec feature provides IPSec support for Data Traffic, MIPv4, L2TP, and Diameter testing. When you include IPSec in a test, tunnels are set up and torn down by the test case as needed. Individual tunnels, and in some cases multiple tunnels, are established for each MN or emulated network node. The parameters that define the credentials used for authentication and the hash and encryption types are contained within the test case. One test server can support up to 200,000 IPSec SAs, and up to 100,000 SAs can be supported when digital certificates are used.
When digital certificates are used for authentication, you can generate RSA private keys and signed X.509 certificates with the Certificate Authority (CA) that runs on the test server. You can also import your own keys and certificates and convert files from one format to another to conform with SUT requirements.
IPSec can be used to protect control plane traffic between network nodes or between MNs and network nodes in the following test cases.
IPv6 HA Nodal — Encrypt some or all traffic between the MNs and the HA.
LNS Nodal and LNS Node — Encrypt L2TP traffic between the LAC and the LNS.
FA Nodal and HA Nodal — Encrypt traffic between the FAs and the HA.
AAA Server Nodal and AAA Server Node — Encrypt Diameter traffic between the NAS and the server.
DCCA Server Nodal and DCCA Server Node — Encrypt Diameter traffic between the client and the server.
PDG Micro-Mobility (mandatory) — Encrypt all traffic between the MNs and the PDG.
Data IPSec can be used to encrypt Data Traffic between MNs and an IPSec gateway or peer in all data-capable test cases.