Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Mobile IP and Home Agent NAT

I am trying to configure a Home Agent in a mobile IP environment. The HA connects to an RFC1918 addressed LAN segment. This LAN segment connects to the Internet via a PIX 525. The PIX has a static 1-to-1 NAT for the Home Agent. Tha NAT provides a Internet-advertisable address for the HA.

The mobile IP clients are connected to the Internet. The mobile IP clients do not sit behind a firewall; they have Internet routable IP addresses. They will connect to the HA through the PIX 525 protecting the HA.

In reading the mobile IP RFC, the registration request contains the IP address associated with the HA as data within the request.

Will this be an issue in my environment? The incoming registration request will have the publically routable IP address for the HA as user data. Does the PIX have a fix-up to convert the data within the registation request to the real RFC1918 address? If not, will the HA be able to process the incoming registration request when the data contains the NAT'ed public IP address?


Re: Mobile IP and Home Agent NAT

The "ip mobile secure" statement sets up encryption between devices specified. On the home-agent we configure an "ip mobile secure foreign-agent" with the foreign agent's IP address. Correspondingly, we configure an "ip mobile secure home-agent" statement on the foreign agent with the home agent's IP address. Also on the foreign agent we configure "ip mobile secure visitor" for secure tunneling between the router and the visitor's PC. The PC will need to have key generation software if this is used.