Mobile IP problem

Unanswered Question
Jun 6th, 2007

Hi!

I have a problem with my mobile IP configuration. The router has only one interface and therefore I have to use a virtual network.

The MN binds to the HA correctly, no errors. But if i want to ping a machine in the internet the packets arrive at the HA and then nothing happens.

Debugging the tunnel gives me:

02:55:45: Tunnel0: MIP UDP/IP to classify 89.160.251.115->219.201.105.232(len=116 ttl=53 tos=0x0)

On the other hand the mobile IP client seems to ping the HA and then this appears:

02:55:50: Tunnel0: MIP UDP/IP to classify 89.160.251.115->219.201.105.232 (len=60 ttl=53 tos=0x0)

02:55:50: UDP: rcvd src=89.160.251.115(10), dst=219.201.105.232(434), length=40

02:55:50: Tunnel0: to decaps MIPUDP/IP packet 89.160.251.115:10->219.201.105.232:434 (len=60, ttl=53)

02:55:50: Tunnel0: decapsulated MIPUDP/IP packet 10.10.10.5->219.201.105.232 (len=28 ttl=63)

02:55:50: IP: s=10.10.10.5 (Tunnel0), d=219.201.105.232, len 28, rcvd 4

02:55:50: ICMP: echo reply sent, src 219.201.105.232, dst 10.10.10.5

02:55:50: IP: tableid=0, s=219.201.105.232 (local), d=10.10.10.5(Tunnel0), routed via FIB

02:55:50: IP: s=219.201.105.232 (local), d=10.10.10.5 (Tunnel0), len 28, sending

02:55:50: MIPUDP encapsulating IP packet 219.201.105.232->10.10.10.5 (len=28, ttl=255)

02:55:50: UDP: sent src=219.201.105.232(434), dst=89.160.251.115(10)

02:55:50: Tunnel0: MIPUDP/IP encapsulated 219.201.105.232->89.160.251.115 (linktype=7, len=60)

So it seems that the tunneld ping requests are not decapsulatedd, but I don't know why.

If anybody could help me it would be very nice.

Greetings, Niklas

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
niklaskirschnick Wed, 06/06/2007 - 23:55

Hi!

Of course and excuse me for not doing it in my first post.

The config is:

Current configuration : 1212 bytes

!

version 12.4

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname MobiSenseHA

!

boot-start-marker

boot-end-marker

!

enable secret 5 xxx

enable password xxx

!

no aaa new-model

no network-clock-participate slot 1

no network-clock-participate wic 0

ip cef

!

!

!

!

ip domain name mobisense

ip name-server 194.x.x.129

!

!

!

username xxx password 0 xxx

!

!

ip ssh rsa keypair-name xxx

ip ssh logging events

!

!

!

interface FastEthernet0/0

ip address 219.201.x.x.255.255.0

ip information-reply

no ip unreachables

ip nat enable

duplex auto

speed auto

!

router mobile

!

ip route 0.0.0.0 0.0.0.0 219.201.105.2

!

ip http server

no ip http secure-server

ip mobile home-agent

ip mobile virtual-network 10.10.10.0 255.255.255.0

ip mobile host nai mobitest address 10.10.10.5 virtual-network 10.10.10.0 255.255.255.0

ip mobile secure host nai mobitest spi decimal xxx key ascii xxx algorithm md5 mode prefix-suffix

!

access-list 1 permit any

!

!

control-plane

!

!

!

gateway

timer receive-rtp 1200

!

!

line con 0

line aux 0

line vty 0 4

login local

!

!

end

I hope anybody can find the error.

Greetings, Niklas

Jon Marshall Thu, 06/07/2007 - 00:02

Niklas

As you say it looks like the mobile client can ping the HA - is this correct.

What address are you trying to ping on the internet and do you have debugging for that packet connection.

Jon

niklaskirschnick Thu, 06/07/2007 - 00:49

Hi!

The mobile node can ping the HA, but there's a route set to it over a physical interface and therefore the ping is not using the tunnel, so that's nothing to wonder about. The mobile client seams to ping the HA irregular and this ping travels along the tunnel and is then answered by the HA correctly.

The problem appears if I try to ping any site and surfing does not work, too.

Every packet I try to send from the mobile node appears at the tunnel on the HA, but then it does not appear as a UDP packet.

On the mobile node everything looks correct. The packet is encapsulated and then sent via the physical interface.

What do you exactly mean with debugging for the connection?

Greetings, Niklas

Jon Marshall Thu, 06/07/2007 - 01:29

Niklas

Must admit it's been a while since i did mobile IP so i have just done a quick refresher course !.

Could you just confirm this is what you expect to happen.

1) From the MN you ping a destination on the internet.

2) The ping gets encapsulated and sent down the tunnel

3) The HA decapsulates the packet and

4) Forwards the packet on to the internet ??

If this is what you are expecting have you ensured that your NAT is working at the HA. Have you done some debugging on the internet connected interface to see if packets are actually going out towards the destination host ?

Sorry for all the questions :-)

Jon

niklaskirschnick Thu, 06/07/2007 - 02:32

Hi!

1 to 4 are correct. I tried several NAT configurations. But I'm a little bit confused, because I have only this one physical interface. Is it inside or outside? I would say outside, but how can I assign a inside NAT to the virtual network.

But what I'm mostly wondering about is why not every MIP packet received is decapsulated and appearing as UDP packet in the debugging. And why are some packets (the packets sent by the mobile IP client automatically) correctly treated...

Greetings, Niklas

Jon Marshall Thu, 06/07/2007 - 02:58

Niklas

Just for clarity

HA = Home Agent

MN = MObile Node ie. your mobile IP client

CN = Correspondent Node ie. a remote host on the internet

I need to read some more but from the Cisco docs and memory when an MN on the internet sends a packet to a CN on the internet it does not send it via the HA but sends it direct to the CN. It sends it with it's virtual address so the CN sends traffic back via the HA which then tunnels it back to the MN.

Obviously for this to work the virtual network address has to be publically routable and yours aren't.

My question at present is when you ping from your MN to a CN on the internet do you see ANY traffic arriving at your HA from the (edit **) MN because i'm not sure you will as it may well be sent direct to the CN.

The only traffic you seem to be seeing is traffic from the MN directed to the HA and this is what you would expect.

There is a feature called reverse tunneling which may fix this. I will have a read myself when i get a chance.

HTH

Jon

niklaskirschnick Thu, 06/07/2007 - 03:23

Hi!

I made a little difference between mobile node and mobile client, because the client generates the ping which is correctly decapsulated.

I'm using the reverse tunneling feature and therefore packets from the MN arrive at the HA.

Greetings, Niklas

Actions

This Discussion