advpn组网client无法注册到server

现场为advpn组网，总部为一台MSR5660路由器，充当hub和server角色，采用本地认证，分部为MSR810作为spoke

现场关键配置如下：

1.总部配置

# ospf 1 

 area 0.0.0.0 

 network 192.168.1.1 0.0.0.0

#

interface GigabitEthernet2/0/1 

 port link-mode route 

 combo enable copper 

 ip address x.x.x.x 255.255.255.252

 nat outbound

#

 interface Tunnel1 mode advpn udp 

 ip address 192.168.1.1 255.255.255.0 

 ospf network-type p2mp 

 source GigabitEthernet2/0/1 

 tunnel protection ipsec profile zongbu1 

 vam client hub1 compatible advpn0

# 

radius scheme zongbu1 

key authentication simple XXXX  

key accounting  simple XXXX  

user-name-format without-domain

# 

domain zongbu1 

 authentication advpn local 

# 

 domain default enable zongbu1

# 

local-user changfa class network 

 password simple XXXX 

 service-type advpn 

 authorization-attribute user-role network-operator

#

ipsec transform-set zongbu1

esp encryption-algorithm des-cbc 

 esp authentication-algorithm md5 

 #

 ipsec profile zongbu1 isakmp 

 transform-set zongbu1 

 ike-profile zongbu1 

#

 ike profile zongbu1 

 keychain zongbu1

 # 

ike keychain zongbu1 pre-shared-key address 0.0.0.0 0.0.0.0 key simple XXXX

# 

vam client name changfa 

#

 vam client name hub1 

 advpn-domain zongbu1 

 server primary ip-address x.x.x.x

 pre-shared-key  simple XXXX      

user hub1 password  simple XXXX     

 client enable 

# 

vam server advpn-domain zongbu1 id 1 

 pre-shared-key simple XXXX  

 authentication-method chap domain zongbu1 

 keepalive interval 10 retry 3 

 server enable 

 hub-group 0 

 hub private-address 192.168.1.1 public-address x.x.x.x

 spoke private-address range 192.168.1.0 192.168.1.255

2.分部配置（采用pppoe拨号上网）

# ospf 1 

 area 0.0.0.0 

 network 192.168.1.2 0.0.0.0

# 

interface Tunnel1 mode advpn udp

 ip address 192.168.1.2 255.255.255.0 

 ospf network-type p2mp 

 source Dialer0 

 tunnel protection ipsec profile 1 

 vam client changfa

# 

ipsec transform-set 1 

 esp encryption-algorithm des-cbc 

 esp authentication-algorithm md5 

 # 

ipsec profile 1 isakmp

 transform-set 1 

 ike-profile 1 

#

 ike profile 1 

 keychain 1 

#

 ike keychain 1 

 pre-shared-key address 0.0.0.0 0.0.0.0 

key simple XXXX  

# 

vam client name changfa 

 advpn-domain zongbu1 

 server primary ip-address x.x.x.x

 pre-shared-key  simple XXXX      

 user changfa password simple XXXX  

 client enable

检查设备配置，没有发现问题，确认过两端的密钥配置的也是一致的，公网也跟现场确认是通的，分部用户拨号上网一切正常，用MSR3620复现现场的配置，发现advpn隧道能够正常建立，但是现场的组网情况下vam client无法注册到server上，隧道建立不成功。

[R1]display vam server address-map 

 ADVPN domain name: zongbu1 

 Total private address mappings: 0 

 [R1]display advpn session 

 Interface : Tunnel1 

 Number of sessions: 0

经过排查，总部的MSR5660属于分布式设备，在配置advpn时需要指定处理流量的slot，通过service slot xx命令指定，现场指定slot后advpn恢复正常。