[Ascend] AITMD/ATMP does not encapsulate packets back into VPN tunnel

[Aram Gurekian]

Hello,

I am having trouble with a couple of GRF Ascend, OS 1.4.20.3.

I never even heard about them until problems arose and I have been 
hurled into the fray.

Now I have an issue I'm not able to solve, and it's almost two days that 
I'm stuck on it.  :( 



The remote users can authenticate, but then they can't get to their home 
network.

If I do a tcpdump on the internal interface (ethernet ge030) I can see 
packets going to the HN and getting back.

But it seems like they're actually never getting to the client, since 
the client never sends an ACK(knowledge).

So I tried to investigate further.

At the following step it seems like the packets are supposed to enter a 
sort of virtual circuit (I can only guess this is needed because GRF can 
only act in gateway mode, as I read somewhere).

The next interface on which I expect to find the flow is ga010, and 
doing a tcpdump I can see the same output I see on ge030.

Then I did a tcpdump on ga0180 and I could only see one-way traffic! Id 
est, from the vpn clients to the home network, but none in the opposite 
direction.



The route to the vpn clients is like that:



# netstat -nr | grep 10.2.227

10.2.227.202       192.168.0.2        UGH         0        0  ga010





The interfaces involved are:

#### ifconfig -a

ga010: gritatm flags=b043<UP,BROADCAST,RUNNING,LINK0,LINK1,MULTICAST>

       inet 192.168.0.1 netmask 0xfffffffc broadcast 192.168.0.3

ga0180: gritatm 
flags=4000b043<UP,BROADCAST,RUNNING,LINK0,LINK1,MULTICAST,VPN>

####





and the aitmd.conf file shows:

#### aitmd.conf

home_network  {

       name <XYZ>;                        # Home Network

       home_agent_addr <xxx.public.address.yyy>;    # Home Agent

       interface {

               name ga0180;            # Interface Name

               vpn_addr 192.168.0.2;   # Virtual Address

               vpn_netmask_size 30;    # Virtual Netmask

               ripv2 {                 # Enable Rip V2

                       enabled yes;

                       metric 2;

               }

       }

       force_fragmentation yes;

       bad_source_notification no;

}

####





#### gratm.conf

Signalling card=1 connector=top protocol=NONE

Signalling card=1 connector=bottom protocol=NONE



Interface ga010  traffic_shape=ATMp

PVC ga010  0/32 proto=ip



Interface ga0180  traffic_shape=ATMp

PVC ga0180  0/32 proto=llc_atmp

####



(part of) the output of "grstat -a ip" is

          0 packets ATMP encapsulated

        930819 packets ATMP decapsulated



So I think that the problem is into my Home Agent (the GRF) and not the 
Foreign Agents.

I even tried a couple of restarts of the device and of aitmd and gdc, 
but without success.



If anybody could shed some light on this issue I would greatly 
appreciate it.

Thank you in advance for any hint!



Ciao



Aram














__________________________________________________
Do You Yahoo!?
Poco spazio e tanto spam? Yahoo! Mail ti protegge dallo spam e ti da tanto spazio gratuito per i tuoi file e i messaggi 
http://mail.yahoo.it