Using Radius For Dynamic Ip Address Allocation; Starting The Connection - Bay Networks Baystream 7 Configuration And Troubleshooting Manual

Bay dial vpn services

Hide thumbs Also See for Baystream 7:

Notice (140 pages)

Software manual (46 pages)

Install manual (38 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

Table of Contents

Configuring and Troubleshooting Bay Dial VPN Services

Using RADIUS for Dynamic IP Address Allocation

Each dial-in user retains a unique IP address for the duration of the dial-in session.

Dial VPN relies on the BSAC RADIUS server on the user's home network to

provide those addresses, allocating them either statically or dynamically. In static

allocation, the RADIUS administrator assigns speciﬁc addresses for speciﬁc

users. In dynamic allocation, the administrator allocates a pool of IP addresses

from which the RADIUS server selects an address to assign.

The BayStream administrator conﬁgures the IP address of a RADIUS server that

uses dynamic address allocation and also enables dynamic address allocation on

the gateway for that server connection.

When a user dials in to a network using dynamic address allocation, RADIUS

authenticates the user and assigns an IP address from the pool. That user has

exclusive use of that address for the duration of the connection. RADIUS also

maintains a database of assigned addresses. This prevents duplicate assignments if

the server fails.

When the connection ends, the released IP address returns to the pool, at the end

of the assignment queue.

To implement dynamic IP address allocation, Dial VPN requires that the program

BaySecure be installed on the RADIUS server on the customer's home network.

BaySecure is a robust implementation of the draft IETF RADIUS speciﬁcation,

compliant with RFC 2058 and RFC 2059.

For information about BaySecure, contact your Bay Networks sales

representative.

Starting the Connection

When a user at a remote node dials a Dial VPN service provider, the NAS ﬁrst

determines whether this is a tunnel candidate. If so, the NAS ﬁrst accesses the

TMS database and contacts the gateway, which starts the authentication process.

The gateway gets an IP address from the RADIUS server on the user's home

network, and the Remote Annex builds a tunnel to a gateway and starts sending

the GRE-encapsulated packets. The process involves the following steps.

2-10

A user at a remote node dials the phone number of a Dial VPN service

provider. The user also enters user information, as required by the

connection process.

BayStream Multiservice Software Version 7.2

115623B Rev. 00

Table of Contents

Chapters

Table of Contents

Troubleshooting

This manual is also suitable for:

Remote annex Baydvs Bay dial vpn

Using Radius For Dynamic Ip Address Allocation; Starting The Connection - Bay Networks Baystream 7 Configuration And Troubleshooting Manual

Using RADIUS for Dynamic IP Address Allocation

Starting the Connection

Chapters

Troubleshooting

Related Manuals for Bay Networks Baystream 7

Related Content for Bay Networks Baystream 7

This manual is also suitable for:

Table of Contents