Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (ASCEND) Static routes to an ATMP tunnel



    >> When playing with ATMP stuff, I encountered the following
    >> problem:
    >> 
    >> I defined the following profile in RADIUS, for the mobile node
    >> connecting the foreign agent:
    >> 
    >> foo     Password = "ascend-rules"
    >> User-Service = Framed-User,
    >> Framed-Protocol = PPP,
    >> Framed-Routing = None,
    >> Framed-Address = 172.16.1.1,
    >> Framed-Netmask = 255.255.255.0,
    >> Framed-Route = "172.16.2.0/24 172.16.1.1 1",
    >> Ascend-Idle-Limit = 600,
    >> Ascend-Home-Agent-IP-Addr = 10.0.0.1,
    >> Ascend-Home-Agent-Password = "home-max", 
    >> Ascend-Home-Agent-UDP-Port = 5150
    >> 
    >> Once foo is connected to the FA, I see a route for 172.16.1.0/24
    >> with gateway tunnel0 on the Home agent, but nothing about
    >> 172.16.2.0/24.
    >> sh ip route gives:
    >> 172.16.1.0/24     -               tunnel0  ?      100   2       3       5
    >> 
    >> I tried to add static routes for 172.16.2.0/24 on FA and/or HA,
    >> but it doesn't help.
    >> (a traceroute to 172.16.2.x stops after the HA with * * *, when
    >> the mobile node -172.16.1.1- should answer).
    >> Of course, a traceroute to 172.16.1.1 works perfectly.
    >> 
    >> It seems the tunnel is not usable as a real interface, as it is
    >> with a GRE tunnel on a Cisco.
    >> 
    >> This is quite ennoying, and doesn't help when building intranet,
    >> as the static routing flexibilty is quite decreased.
    >> 
    >> Is this a normal behaviour, or a bug ?
    >> Is there a solution, or can we expect this will be solved soon ?
    Matt> 
    Matt> I'm not sure what exactly you are trying to do. You say you can ping the
    Matt> mobile node, which shows the tunnel is working. This interface should NOT
    Matt> be usable as a normal interface. One of the reasons for VPN's is security.
    Matt> Can you sketch out what exactly you need? Or get with a local Ascend SE who
    Matt> might be able to help in person?

What I am simulating is a case where the mobile node (172.16.1.1/24) has an ISDN
profile to connect to another remote node (172.16.2.1/24)
So I want to route the 172.16.2.0/24 to 172.16.1.1/24, so I can
reach it, as only 172.16.1.1/24 has a link to it (ISDN).
I agree this is a specific configuration but it is realistic,
mainly for economic reasons
(for instance, both remote nodes are far from FA, and the remote
nodes need to exchange specific datas very often, but the other
nodes in the intranet need to send datas to 172.16.2.0/24 less
frequently).
So we want to avoid 2 long-distance ISDN connections when
172.16.1.1/24 wants to talk with 172.16.2.1/24, using a direct
ISDN connection between them, but 172.16.2.1/24 musts be
reachable for the intranet, via 172.16.1.1/24.

Is it clear ?

TIA
Regards.

-- 
David Ponzone / ISDnet
Pager: +33 (0)6 06 41 82 45  Cell: +33 (0)6 60 61 21 63
Email: david@isdnet.net
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.shore.net/~dreaming/ascend-faq>
or		<ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>


References: