From aram2306 at yahoo.it Thu Nov 2 01:12:54 2006
From: aram2306 at yahoo.it (Aram Gurekian)
Date: Thu, 2 Nov 2006 07:12:54 +0000 (GMT)
Subject: [Ascend] AITMD/ATMP does not encapsulate packets back into VPN tunnel
Message-ID: <20061102071254.85364.qmail@web25014.mail.ukl.yahoo.com>

Hello,

I am having trouble with a couple of GRF Ascend, OS 1.4.20.3. I never even heard about them until problems arose and I have been hurled into the fray. Now I have an issue I'm not able to solve, and I have been stuck on it for almost two days. :(

The remote users can authenticate, but then they can't get to their home network. If I do a tcpdump on the internal interface (ethernet ge030) I can see packets going to the HN and getting back. But it seems like they're actually never getting to the client, since the client never sends an ACK(knowledge).

So I tried to investigate further. At the following step it seems like the packets are supposed to enter a sort of virtual circuit (I can only guess this is needed because GRF can only act in gateway mode, as I read somewhere). The next interface on which I expect to find the flow is ga010, and doing a tcpdump I can see the same output I see on ge030. Then I did a tcpdump on ga0180 and I could only see one-way traffic! Id est, from the VPN clients to the home network, but none in the opposite direction.
The route to the VPN clients looks like this:

# netstat -nr | grep 10.2.227
10.2.227.202    192.168.0.2    UGH    0    0    ga010

The interfaces involved are:

#### ifconfig -a
ga010: gritatm flags=b043
        inet 192.168.0.1 netmask 0xfffffffc broadcast 192.168.0.3
ga0180: gritatm flags=4000b043
####

and the aitmd.conf file shows:

#### aitmd.conf
home_network {
    name ;                        # Home Network
    home_agent_addr ;             # Home Agent
    interface {
        name ga0180;              # Interface Name
        vpn_addr 192.168.0.2;     # Virtual Address
        vpn_netmask_size 30;      # Virtual Netmask
        ripv2 {                   # Enable Rip V2
            enabled yes;
            metric 2;
        }
    }
    force_fragmentation yes;
    bad_source_notification no;
}
####

#### gratm.conf
Signalling card=1 connector=top protocol=NONE
Signalling card=1 connector=bottom protocol=NONE
Interface ga010 traffic_shape=ATMp
PVC ga010 0/32 proto=ip
Interface ga0180 traffic_shape=ATMp
PVC ga0180 0/32 proto=llc_atmp
####

(Part of) the output of "grstat -a ip" is:

0 packets ATMP encapsulated
930819 packets ATMP decapsulated

So I think that the problem is in my Home Agent (the GRF) and not the Foreign Agents. I even tried a couple of restarts of the device and of aitmd and gdc, but without success.

If anybody could shed some light on this issue I would greatly appreciate it. Thank you in advance for any hint!

Ciao
Aram