06-06-2007 04:31 AM - edited 03-03-2019 05:19 PM
Hi!
I have a problem with my mobile IP configuration. The router has only one interface and therefore I have to use a virtual network.
The MN binds to the HA correctly, no errors. But if I want to ping a machine on the internet, the packets arrive at the HA and then nothing happens.
Debugging the tunnel gives me:
02:55:45: Tunnel0: MIP UDP/IP to classify 89.160.251.115->219.201.105.232(len=116 ttl=53 tos=0x0)
On the other hand the mobile IP client seems to ping the HA and then this appears:
02:55:50: Tunnel0: MIP UDP/IP to classify 89.160.251.115->219.201.105.232 (len=60 ttl=53 tos=0x0)
02:55:50: UDP: rcvd src=89.160.251.115(10), dst=219.201.105.232(434), length=40
02:55:50: Tunnel0: to decaps MIPUDP/IP packet 89.160.251.115:10->219.201.105.232:434 (len=60, ttl=53)
02:55:50: Tunnel0: decapsulated MIPUDP/IP packet 10.10.10.5->219.201.105.232 (len=28 ttl=63)
02:55:50: IP: s=10.10.10.5 (Tunnel0), d=219.201.105.232, len 28, rcvd 4
02:55:50: ICMP: echo reply sent, src 219.201.105.232, dst 10.10.10.5
02:55:50: IP: tableid=0, s=219.201.105.232 (local), d=10.10.10.5(Tunnel0), routed via FIB
02:55:50: IP: s=219.201.105.232 (local), d=10.10.10.5 (Tunnel0), len 28, sending
02:55:50: MIPUDP encapsulating IP packet 219.201.105.232->10.10.10.5 (len=28, ttl=255)
02:55:50: UDP: sent src=219.201.105.232(434), dst=89.160.251.115(10)
02:55:50: Tunnel0: MIPUDP/IP encapsulated 219.201.105.232->89.160.251.115 (linktype=7, len=60)
So it seems that the tunneled ping requests are not decapsulated, but I don't know why.
If anybody could help me it would be very nice.
Greetings, Niklas
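A way to check the symptom described in the post above across a longer debug capture, as an added example that is not part of the original thread: it pairs each "to classify" line with a later "to decaps" line and reports the packets that were never decapsulated. Pairing on tunnel, outer addresses and `len` is an assumption based only on the line formats quoted in the post.

```python
import re
from collections import defaultdict

# Constructed sample: debug lines as quoted in the post above.
SAMPLE = """\
02:55:45: Tunnel0: MIP UDP/IP to classify 89.160.251.115->219.201.105.232(len=116 ttl=53 tos=0x0)
02:55:50: Tunnel0: MIP UDP/IP to classify 89.160.251.115->219.201.105.232 (len=60 ttl=53 tos=0x0)
02:55:50: UDP: rcvd src=89.160.251.115(10), dst=219.201.105.232(434), length=40
02:55:50: Tunnel0: to decaps MIPUDP/IP packet 89.160.251.115:10->219.201.105.232:434 (len=60, ttl=53)
02:55:50: Tunnel0: decapsulated MIPUDP/IP packet 10.10.10.5->219.201.105.232 (len=28 ttl=63)
"""

# Line formats assumed from the post; other IOS releases may print them differently.
CLASSIFY = re.compile(
    r"^(\S+): (\S+): MIP UDP/IP to classify ([\d.]+)->([\d.]+)\s*\(len=(\d+)")
DECAPS = re.compile(
    r"^(\S+): (\S+): to decaps MIPUDP/IP packet "
    r"([\d.]+):\d+->([\d.]+):\d+\s*\(len=(\d+)")


def undecapsulated(log):
    """Return classified packets that never got a matching 'to decaps' line."""
    pending = defaultdict(list)  # (tunnel, src, dst, len) -> waiting timestamps
    for raw in log.splitlines():
        line = raw.strip()
        m = CLASSIFY.match(line)
        if m:
            ts, tun, src, dst, length = m.groups()
            pending[(tun, src, dst, int(length))].append(ts)
            continue
        m = DECAPS.match(line)
        if m:
            _, tun, src, dst, length = m.groups()
            waiting = pending.get((tun, src, dst, int(length)))
            if waiting:
                waiting.pop(0)  # oldest classified packet is now accounted for
    return sorted((ts, *key) for key, stamps in pending.items() for ts in stamps)


if __name__ == "__main__":
    for ts, tun, src, dst, length in undecapsulated(SAMPLE):
        print(f"{ts} {tun}: {src}->{dst} len={length} classified, no decaps seen")
```

On the quoted lines it reports only the 116-byte packet from 02:55:45, matching what the post describes.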
06-06-2007 05:38 AM
Hi
Could you send a copy of the config you are using?
Jon
06-06-2007 11:55 PM
Hi!
Of course and excuse me for not doing it in my first post.
The config is:
Current configuration : 1212 bytes
!
version 12.4
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname MobiSenseHA
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxx
enable password xxx
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
ip domain name mobisense
ip name-server 194.x.x.129
!
!
!
username xxx password 0 xxx
!
!
ip ssh rsa keypair-name xxx
ip ssh logging events
!
!
!
interface FastEthernet0/0
ip address 219.201.x.x.255.255.0
ip information-reply
no ip unreachables
ip nat enable
duplex auto
speed auto
!
router mobile
!
ip route 0.0.0.0 0.0.0.0 219.201.105.2
!
ip http server
no ip http secure-server
ip mobile home-agent
ip mobile virtual-network 10.10.10.0 255.255.255.0
ip mobile host nai mobitest address 10.10.10.5 virtual-network 10.10.10.0 255.255.255.0
ip mobile secure host nai mobitest spi decimal xxx key ascii xxx algorithm md5 mode prefix-suffix
!
access-list 1 permit any
!
!
control-plane
!
!
!
gateway
timer receive-rtp 1200
!
!
line con 0
line aux 0
line vty 0 4
login local
!
!
end
I hope anybody can find the error.
Greetings, Niklas
06-07-2007 12:02 AM
Niklas
As you say it looks like the mobile client can ping the HA - is this correct?
What address are you trying to ping on the internet and do you have debugging for that packet connection?
Jon
06-07-2007 12:49 AM
Hi!
The mobile node can ping the HA, but there's a route set to it over a physical interface and therefore the ping is not using the tunnel, so that's nothing to wonder about. The mobile client seems to ping the HA irregularly and this ping travels along the tunnel and is then answered by the HA correctly.
The problem appears if I try to ping any site and surfing does not work, too.
Every packet I try to send from the mobile node appears at the tunnel on the HA, but then it does not appear as a UDP packet.
On the mobile node everything looks correct. The packet is encapsulated and then sent via the physical interface.
What exactly do you mean by debugging for the connection?
Greetings, Niklas
06-07-2007 01:29 AM
Niklas
Must admit it's been a while since I did mobile IP so I have just done a quick refresher course!
Could you just confirm this is what you expect to happen?
1) From the MN you ping a destination on the internet.
2) The ping gets encapsulated and sent down the tunnel
3) The HA decapsulates the packet and
4) Forwards the packet on to the internet ??
If this is what you are expecting, have you ensured that your NAT is working at the HA? Have you done some debugging on the internet connected interface to see if packets are actually going out towards the destination host?
Sorry for all the questions :-)
Jon
06-07-2007 02:32 AM
Hi!
1 to 4 are correct. I tried several NAT configurations. But I'm a little bit confused, because I have only this one physical interface. Is it inside or outside? I would say outside, but how can I assign an inside NAT to the virtual network?
But what I'm mostly wondering about is why not every MIP packet received is decapsulated and appearing as a UDP packet in the debugging. And why are some packets (the packets sent by the mobile IP client automatically) correctly treated...
Greetings, Niklas
06-07-2007 02:58 AM
Niklas
Just for clarity
HA = Home Agent
MN = Mobile Node ie. your mobile IP client
CN = Correspondent Node ie. a remote host on the internet
I need to read some more but from the Cisco docs and memory when an MN on the internet sends a packet to a CN on the internet it does not send it via the HA but sends it direct to the CN. It sends it with its virtual address so the CN sends traffic back via the HA which then tunnels it back to the MN.
Obviously for this to work the virtual network address has to be publicly routable and yours aren't.
My question at present is when you ping from your MN to a CN on the internet do you see ANY traffic arriving at your HA from the (edit **) MN because I'm not sure you will as it may well be sent direct to the CN.
The only traffic you seem to be seeing is traffic from the MN directed to the HA and this is what you would expect.
There is a feature called reverse tunneling which may fix this. I will have a read myself when I get a chance.
HTH
Jon
06-07-2007 03:23 AM
Hi!
I made a little difference between mobile node and mobile client, because the client generates the ping which is correctly decapsulated.
I'm using the reverse tunneling feature and therefore packets from the MN arrive at the HA.
Greetings, Niklas