01-23-2002 10:34 PM - edited 02-21-2020 09:58 AM
Instead of Home Agent(Router 7507),
I tried to use AAA Server and the instruction is as follow;
user = 20.0.0.1 {
service = mobileip {
set spi#0 = ¡°spi 100 key hex 12345678123456781234567812345678¡±
¡±
}
}
I don't know how to configure above the format on my ACS 3.0.
Please help me out.
01-24-2002 06:31 AM
1. you need to define a new service in ACS3 which is called mobile ip. For this, first ensure that there is a TACACS+ NAS defined in network configuration.
2. Go to interface configuration->TACACS+ Cisco IOS,
Under new services, tick the first check box,
type mobileip in service textbox, in protocol type ip
now submit. IF there is not even a single tac+
NAS in the config, you will NOT see the TACACS+ CIsco IOS option in interface configuration !!!!
3. Go to group properties now and under tacacs+, at the end of the list, you will find the new service you defined, select the box, select custom attributes and then define
set spi#0 ....
Hope this helps. Pls. let the forum know if this solved your issue.
01-28-2002 09:49 AM
Thank you very much for your appreciation.
But I am afraid that I still have a problem.
During authentication with Cisco Router, I got a debug message as follows;
MobileIP: HA 107 received registration for MN 172.31.3.235 on FastEthernet0/0/0
using COA 172.31.107.17 HA 172.31.107.70 lifetime 7200 options sbdmgVt
MobileIP: HA 107 get SA for MN 172.31.3.235
MobileIP: MN 172.31.3.235 SA is not available from AAA server
MobileIP: MN 172.31.3.235 SA is not configured, request ignored
%IPMOBILE-6-SECURE: Security violation on HA from MN 172.31.3.235 - errcode MN f
ailed authentication (131), reason No mobility security association (1)
I checked the 'spi', 'key' values in MN and had no problem.
What would be the real problem ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide