How Tunnel Management Works; Tunnel Management In An Erpcd-Based Network - Bay Networks Baystream 7 Configuration And Troubleshooting Manual

11.

How Tunnel Management Works

Tunnel management operates differently on erpcd-based and RADIUS-only
networks, but the end result is the same.

Tunnel Management in an erpcd-based Network

For an erpcd-based network, the Tunnel Management System (TMS) runs on the
same host as the Annex (erpcd) and Access Control Protocol (ACP) software.
TMS verifies that the user at the remote node is a Dial VPN user. If the domain
portion of the username exists in the TMS database, ACP increases the number of
current users by one and sends a Grant message to the Remote Annex. The Grant
message contains the tunnel addressing information needed to send a packet from
the remote node to the home network.
The Grant message contains the following information, which is stored in the
TMS database. For a Dial VPN user, the NAS sends this information to the
RADIUS client on the gateway, which in turn sends an authentication and address
request to the RADIUS server on the remote node's home network. When the
RADIUS server responds, authenticating the user, the NAS establishes the tunnel.
•
•
Note: The default value for DNIS is 0 as well. The Remote Annex
administrator can change this value.
115623B Rev. 00
• The CPE router is configured with a frame relay connection to the Dial
VPN gateway (including a static route and an adjacent host if the CPE
router is not a Cisco device), and a separate but similar frame relay
connection to the RADIUS client on the gateway. Refer to
more information.
• Any shared information, such as passwords, "secrets," or phone numbers,
is consistent across the link.
Individually test each network component, then test the entire system.
Remote node's domain name
DNIS -- for 6300/5393 and 8000/5399 platforms, this is the called number;
for other platforms, it's 0 (zero)
BayStream Multiservice Software Version 7.2
Dial VPN Network Concepts
Chapter 9 for
2-5