Tunnel Management in a RADIUS-Only Network; How the TMS Database Works - Bay Networks BayStream 7 Configuration and Troubleshooting Manual


Configuring and Troubleshooting Bay Dial VPN Services

Tunnel Management in a RADIUS-only Network

The RADIUS-only solution integrates the TMS database functions into the
RADIUS server that resides on the service provider network. This RADIUS
server recognizes the format of the VPN identifier in the user name and returns
tunnel information to the NAS. The NAS uses the tunnel information to establish
a connection to the gateway. Once the connection is up, the user authentication
information is forwarded to the indicated authentication server.
Refer to Chapter 5 for more information about the contents of the TMS database.

How the TMS Database Works

The TMS database (by default, UNIX ndbm) resides in the Tunnel Management
Server, which resides on the service provider's network. The main function of this
database is to verify the username (or domain) information supplied by the NAS.
It also supplies the NAS with the tunnel addressing information (in the Grant
message) it needs to create a tunnel for a remote user. The Dial VPN administrator
enters the domain information and the tunnel addressing information into the
database as part of the TMS configuration process.
When TMS receives a lookup request from the NAS, it parses the username into
the user name, domain name, and DNIS, and creates a Domain/0 or Domain/DNIS
key. TMS uses this key to find a matching entry in the database. If the key
matches an existing entry, TMS checks that the current number of users is
less than the configured maximum. If so, TMS sends a Grant message to indicate
that the user is a Dial VPN user. The Grant message contains the tunnel
addressing information.
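
The lookup described above, modelled as an added example (not Bay Networks code). Only the Domain/0 and Domain/DNIS key shapes and the user-limit check come from the text; the user@domain name format, the character checks, the record fields, and the increment of the user count on a Grant are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional

@dataclass
class TmsEntry:                      # constructed record layout, not the ndbm format
    home_agent_ip: str               # gateway end of the IP tunnel
    max_users: int                   # configured maximum for this domain
    current_users: int = 0

@dataclass
class Grant:
    key: str
    home_agent_ip: str

_DOMAIN = re.compile(r"[a-z0-9.-]+")  # assumed character set for a domain
_DNIS = re.compile(r"[0-9]+")         # assumed: DNIS is digits only

def make_key(username: str, dnis: Optional[str] = None) -> Optional[str]:
    """Build the Domain/0 or Domain/DNIS key; None if the name has no usable domain."""
    user, sep, domain = username.rpartition("@")   # assumed user@domain format
    domain = domain.lower()
    # Reject anything that would make the '/'-separated key ambiguous.
    if not (sep and user and _DOMAIN.fullmatch(domain)):
        return None
    if dnis is None:
        return f"{domain}/0"
    return f"{domain}/{dnis}" if _DNIS.fullmatch(dnis) else None

def lookup(db: Dict[str, TmsEntry], username: str,
           dnis: Optional[str] = None) -> Optional[Grant]:
    """Return a Grant only on a key match with room under the user limit."""
    key = make_key(username, dnis)
    entry = db.get(key) if key else None
    if entry is None:
        return None                                # no match: not a Dial VPN user
    if entry.current_users >= entry.max_users:
        return None                                # limit reached: no Grant
    entry.current_users += 1                       # assumed: count updated on Grant
    return Grant(key, entry.home_agent_ip)

# Constructed sample database (documentation addresses, made-up domain).
SAMPLE_DB = {
    "corp.example/0": TmsEntry("192.0.2.10", max_users=2),
    "corp.example/5551234": TmsEntry("192.0.2.20", max_users=1),
}

if __name__ == "__main__":
    for name, dnis in [("alice@corp.example", None), ("bob@corp.example", "5551234"),
                       ("carol@corp.example", "5551234"), ("dave", None)]:
        print(name, dnis, lookup(SAMPLE_DB, name, dnis))
```
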
Home agent's IP address on the gateway (the IP address of the gateway end of the IP tunnel)
Current number of users
Type of connection between the gateway and the CPE router on the remote node's home network
Primary and secondary RADIUS server IP addresses
Authentication protocol information
BayStream Multiservice Software Version 7.2
115623B Rev. 00
