Setup of a mobile APNs

By | March 14, 2014

Anyone out there know what a mobile APN is?

Here is the definition from Wiki:

 An Access Point Name (APN) is the name of a gateway between a GPRS, 3G or 4G mobile network and another computer network, frequently the public Internet.

A mobile device making a data connection must be configured with an APN to present to the carrier. The carrier will then examine this identifier to determine what type of network connection should be created, for example: what IP addresses should be assigned to the wireless device, what security methods should be used, and how or if, it should be connected to some private customer network.

With that being said has anyone had to setup an APN connection to your network? I’m going to bet most have not.

My company has had to setup two APN from different providers.  AT&T and Verizon.

 

Here is how the connection works:

APNdiagram

APN Diagram

With AT&T here is the IPSEC connection diagram:

APNHowitWorks

AT&T APN IPSEC digram

 

These connections require BGP routing.  At my current company we have SonicWALLs for our VPNs.  Three years ago SopnicWALL supported BGP.  The current SonicWALL firmware, at the time of implimentation, did not support BGP.  So we purchased two CISCO 891 Security Routers.

Here it the configuration without passwords and/or IP addresses.

crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
!
crypto isakmp policy 2
encr aes 256
authentication pre-share
group 2
crypto isakmp key XXXXXXXXXXXXX address XXX.XXX.XXX.XXX
!
!
crypto ipsec transform-set CCC-TSET esp-aes 256 esp-sha-hmac
mode transport
!
crypto map CCC-MAP 10 ipsec-isakmp
set peer XXX.XXX.XXX.XXX
set transform-set CCC-TSET
match address 172
!
!
!
!
!
interface Tunnel0
ip address 192.168.0.1 255.255.255.0 (internal IP- this only used through the tunnel.  I recommend a 30 subnet mask)
tunnel source EEE.EEE.EEE.EEE (Your external IP)
tunnel destination XXX.XXX.XXX.XXX
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
no ip address
!
interface FastEthernet5
no ip address
!
interface FastEthernet6
no ip address
!
interface FastEthernet7
no ip address
!
interface FastEthernet8
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0
ip address YYY.YYY.YYY.YYY 255.255.255.0
duplex auto
speed auto
crypto map VZW-MAP
!
interface Vlan1
description mobile
ip address III.III.III.III 255.255.255.0 (This is your real internal IP)
!
interface Async1
no ip address
encapsulation slip
!
router bgp NNNNN (BGP number – has to match on both sides)
bgp log-neighbor-changes
neighbor YYY.YYY.YYY.YYY remote-as ####
neighbor YYY.YYY.YYY.YYY default-originate
!
ip forward-protocol nd
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip route 0.0.0.0 0.0.0.0 (external GW)
!
access-list 172 remark CCP_ACL Category=20
access-list 172 permit gre host EEE.EEE.EEE.EEE host XXX.XXX.XXX.XXX

Once the VPN/BGP routes are online you are ready to start receiving data.

Please feel free to comment or ask questions.

Leave a Reply