3Com MSR 50 Series Configuration Manual page 1560

1560 C 80: DVPN C
HAPTER ONFIGURATION
registration acknowledgement (the identity authentication steps are skipped in
this case). If authentication is required, the server sends to the client an identity
authentication request, indicating the required authentication algorithm. In the
case of CHAP authentication, a random number is also sent.
3 The client submits it identity information to the server.
4 Upon receiving the identity information of the client, the server sends an
authentication request to the AAA server and, after receiving the authentication
acknowledgement, sends an accounting request to the AAA server. Only when the
server receives the accounting acknowledgement, does it sends to the client a
registration acknowledgement, telling the client information about the Hub.
Tunnel establishment phase
After a Spoke successfully registers itself, it needs to establish a permanent tunnel
with a Hub. A Spoke can establish permanent tunnels with up to two Hubs. If
there is more than one Hub in a VPN domain, tunnels are required between the
Hubs. Figure 434
Figure 434 Tunnel establishment process
Spoke/Hub
1) Tunnel establishment request
2) Tunnel established
Spoke
1) Tunnel establishment request
2) Tunnel established
1 The initiator originates a tunnel establishment request.
Spoke-Hub tunnel: After a Spoke registers itself successfully, it needs to
■
establish a permanent tunnel with each Hub in the VPN. Upon receiving the
registered information of the hubs from the server, a Spoke checks whether a
tunnel is present to each hub. If no tunnel exists between the Spoke and a hub,
the Spoke sends a tunnel establishment request to the Hub.
Hub-Hub tunnel: After a Hub registers itself successfully, the server sends the
■
registered information of the other Hubs in the VPN to the Hub and the Hub
checks whether a tunnel exists to each of its peer Hubs. If not, the Hub sends a
tunnel establishment request to the peer Hub.
Spoke-Spoke tunnel: When a Spoke receives a data packet but finds no tunnel
■
for forwarding the packet, it sends an address resolution request to the server
and then, after receiving the resolved address, sends a tunnel establishment
request to the peer Spoke.
2 The tunnel establishment request receiver saves the tunnel establishment
information and sends a response to the sender. If the request sender receives the
response, a tunnel is established. Otherwise, tunnel establishment attempt fails.
shows the tunnel establishment process:
Hub
Spoke