Setting Up Virtual Private Networks
Configuring ATMP tunnels
MAX 6000/3000 Network Configuration Guide 11-3
two-second intervals, timing out and logging a message if it receives no response to the
requests.
6The Home Agent requests a password before it creates the tunnel.
7The Foreign Agent returns an encrypted version of the Ascend-Home-Agent-Password
value found in the mobile clients RADIUS profile. This password must match the Home
Agents Password parameter in the ATMP configuration in the Ethernet profile.
8The Home Agent returns a RegisterReply with a number that identifies the tunnel. If
registration fails, the MAX logs a message and the Foreign Agent disconnects the mobile
client. If registration succeeds, the MAX creates the tunnel between the Foreign Agent
and the Home Agent.
9When the mobile client disconnects from the Foreign Agent, the Foreign Agent sends a
DeregisterRequest to the Home Agent to close the tunnel.
The Foreign Agent can send its request a maximum of ten times, or until it receives a
DeregisterReply. If the Foreign Agent receives packets for a mobile client whose
connection has been terminated, the Foreign Agent silently discards the packets.
Setting the UDP port
By default, ATMP agents use UDP port 5150 to exchange control information while
establishing a tunnel. If the Home Agent ATMP profile specifies a different UDP port number,
all tunnel requests to that Home Agent must specify that UDP port.
Note: A system reset is required for the ATMP subsystem to recognize the new UDP port
number.
Setting an MTU limit
The type of link that connects a Foreign Agent and Home Agent determines the Maximum
Transmission Unit (MTU). The link may be a dial-up connection, a Frame Relay connection,
or an Ethernet link, and it may b e on a local network or routed thro ugh multiple hops. If the
link between devices is multihop (traverses more than one network segment), the path MTU is
the minimum MTU of the intervening segments.
Figure 11-2 shows an ATMP setup across an Ethernet segment, which limits the path MTU to
1500 bytes.
Figure 11-2. Path MTU on an Ethernet segment
To avoid packet fragmentation and reassembly, every segment of the link between the agents
must accommodate an MTU of at least smaller than 1528 bytes (unless the packets are
compressed). You can push fragmentation and reassembly tasks to connection end-points (a
mobile client and a device on the home network) by setting an MTU limit. Client software then
WAN
PPP client
Home network
Foreign Agent Home Agent Home
router