Bay Networks Baystream 7 Configuration And Troubleshooting Manual page 43

Bay dial vpn services

Hide thumbs Also See for Baystream 7:

Notice (140 pages)

Software manual (46 pages)

Install manual (38 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

Table of Contents

Note: The system administrator can change the default requirements for the

Dial VPN username format as needed.

115623B Rev. 00

User information usually is a user name and a password.

The remote node sends a PPP packet to start the connection process.

The NAS receives the data packet and passes the username to the TMS on

the Dial VPN service provider's network to determine how to process the

packet.

For Dial VPN, the username must contain one "at" sign (@), followed by at

least one period (.) and at least a 3-character extension. For example, the

username can be lee@abc.com. In this example, lee is the username part that

the NAS uses for authentication. The string @abc.com is the domain name

part that Dial VPN uses to look up this user's entry in the TMS database.

If TMS ﬁnds a match in its database for both the user and domain names, it

determines that this user is a Dial VPN user and a candidate for tunnel

creation. TMS then checks that the number of current connections does not

exceed the maximum number of users allowed.

If the user is not a tunnel candidate, the NAS ﬁrst treats the request as a proxy

RADIUS request and attempts to authenticate this user in the usual way. Refer

to the description of proxy RADIUS in the BSAC Administration Guide for

your platform.

If the dial-in request is a tunnel candidate, the NAS starts the

authentication process and builds a tunnel.

Once it has determined that this request is a tunnel candidate, TMS tells the

NAS to contact the gateway for remote authentication, where authentication

and address allocation will take place. For a given domain, authentication and

address allocation can take place locally, using ACP (in an erpcd-based

network), or remotely, using RADIUS and DHCP on the customer's network.

If the request is not a tunnel candidate, the NAS uses local (instead of remote)

authentication.

The NAS receives the remote node's address, the source of which depends on

the type of authentication and the type of IP address allocation.

BayStream Multiservice Software Version 7.2

Dial VPN Network Concepts

2-11

Table of Contents

Chapters

Table of Contents

Troubleshooting

This manual is also suitable for:

Remote annex Baydvs Bay dial vpn

Bay Networks Baystream 7 Configuration And Troubleshooting Manual page 43

Chapters

Troubleshooting

Related Manuals for Bay Networks Baystream 7

Related Products for Bay Networks Baystream 7

This manual is also suitable for:

Table of Contents