Avaya Configuring and Troubleshooting Bay Dial VPN (DVS) Networks Manual de usuario

Part No. 303509-A Rev 00October 1998BayRS Version 13.00Site Manager Software Version 7.00 Configuring and Troubleshooting Bay Dial VPN Services

303509-A Rev 00 7-1 Chapter 7Configuring the Layer 3 GatewayOnly Layer 3 tunnels use a gateway. To configure a Bay Networks router at the service pr

Configuring and Troubleshooting Bay Dial VPN Services7-2 303509-A Rev 005.Specify the IP address for this frame relay or PPP interface.This is the “

Configuring the Layer 3 Gateway303509-A Rev 00 7-3 c.Specify the keys associated with this SPI value.Each SPI value has a 128-bit key associated wit

Configuring and Troubleshooting Bay Dial VPN Services7-4 303509-A Rev 00h.Enter the IP address of the RADIUS server to which this client will connec

Configuring the Layer 3 Gateway303509-A Rev 00 7-5 d.Specify the address of one or more DHCP servers on the home nework.Refer to Chapter 8 for addit

303509-A Rev 00 8-1 Chapter 8Requirements Outside the ISP NetworkAlthough the responsibility for configuring network elements outside the Dial VPN s

Configuring and Troubleshooting Bay Dial VPN Services8-2 303509-A Rev 00Configuring a Static Route and an Adjacent HostA static route is a manually

Requirements Outside the ISP Network303509-A Rev 00 8-3 In Figure 8-1, the IP addresses and the frame relay DLCI are in bold type. The dashed lines

303509-A Rev 00 xiFiguresFigure 1-1. Dial VPN Network with Layer 3 and Layer 2 Tunnels ...1-3Figure 1-2. Dial VPN Network

Configuring and Troubleshooting Bay Dial VPN Services8-4 303509-A Rev 00Dynamic mode lets you make changes to the currently running configuration fi

Requirements Outside the ISP Network303509-A Rev 00 8-5 Configuring the Adjacent Host and Static RoutesThe next step is to create a single adjacent

Configuring and Troubleshooting Bay Dial VPN Services8-6 303509-A Rev 00For a Bay Networks router with frame relay, the complete static route is a c

Requirements Outside the ISP Network303509-A Rev 00 8-7 • The IP address of the CPE router’s network interface to the adjacent host (next hop)• The

Configuring and Troubleshooting Bay Dial VPN Services8-8 303509-A Rev 00Configuring Frame Relay on the CPE RouterIf the CPE router is a Bay Networks

Requirements Outside the ISP Network303509-A Rev 00 8-9 • Use the Site Manager Statistics Manager to verify that the frame relay connection is opera

Configuring and Troubleshooting Bay Dial VPN Services8-10 303509-A Rev 00Configuring the CPE Router for IPX Support (Layer 3 Only)When configuring t

Requirements Outside the ISP Network303509-A Rev 00 8-11 6. Enter the Novell Configured Network Number (in hexadecimal notation) of your Ethernet in

Configuring and Troubleshooting Bay Dial VPN Services8-12 303509-A Rev 00Table 8-1 shows the relationship between interface types and encapsulation

Requirements Outside the ISP Network303509-A Rev 00 8-13 This completes the CPE router Ethernet and Serial interface configuration for IPX.Configuri

Configuring and Troubleshooting Bay Dial VPN Services8-14 303509-A Rev 00Enabling L2TP on an Unconfigured WAN InterfaceTo enable L2TP on an unconfig

Requirements Outside the ISP Network303509-A Rev 00 8-15 Enabling L2TP on an Existing PPP InterfaceTo enable L2TP on an interface with PPP and IP al

Configuring and Troubleshooting Bay Dial VPN Services8-16 303509-A Rev 00Enabling L2TP on an Existing Frame Relay InterfaceTo enable L2TP on an inte

Requirements Outside the ISP Network303509-A Rev 00 8-17 Installing and Configuring BSAC on the Home NetworkBSAC can run on a server running UNIX, N

Configuring and Troubleshooting Bay Dial VPN Services8-18 303509-A Rev 00Configuring IPX on the Home Network RADIUS ServerBaySecure Access Control (

Requirements Outside the ISP Network303509-A Rev 00 8-19 recognize the gateway address (RADIUS client) and provide addresses from a second subnet.A

Configuring and Troubleshooting Bay Dial VPN Services8-20 303509-A Rev 00Creating Scopes and a SuperscopeThe following sections describe the procedu

Requirements Outside the ISP Network303509-A Rev 00 8-21 Creating the Scope of Assignable AddressesNext, create the scope of addresses that you want

Configuring and Troubleshooting Bay Dial VPN Services8-22 303509-A Rev 00Once you have completed these procedures, the DHCP is configured to dynamic

303509-A Rev 00 9-1 Chapter 9Managing a Dial VPN NetworkManaging a Dial VPN network consists mainly of managing its elements, in particular the Bay

303509-A Rev 00xiiiTablesTable 1-1. Layer 3 and Layer 2 Dial VPN Feature Implementation ...1-5Table 4-1. Where to Find Configu

Configuring and Troubleshooting Bay Dial VPN Services9-2 303509-A Rev 00You must also ensure that remote users have the information they need to dia

303509-A Rev 00 A-1 Appendix APlanning WorksheetThis appendix consists of a network planning worksheet. You may not have enough information yet to c

Configuring and Troubleshooting Bay Dial VPN ServicesA-2 303509-A Rev 00At the BayDVS Service Provider’s SiteRecord the equipment you have at your o

Planning Worksheet303509-A Rev 00 A-3 • If this is a RADIUS-only configuration, list the IP address of the RADIUS TMS server.(name) ________________

Configuring and Troubleshooting Bay Dial VPN ServicesA-4 303509-A Rev 00• For the static route between the CPE router and the remote node: -- What i

303509-A Rev 00 B-1 Appendix BSyslog MessagesThe Remote Access Concentrator and the TMS write system and error messages to the system logfile, syslo

Configuring and Troubleshooting Bay Dial VPN ServicesB-2 303509-A Rev 00Table B-1. Remote Access Concentrator Syslog MessagesType Syslog Contents Me

Syslog Messages303509-A Rev 00 B-3 Error Messages in this category may include the following <reason> codes:• "Connection timed out"

Configuring and Troubleshooting Bay Dial VPN ServicesB-4 303509-A Rev 00TMS Syslog MessagesWhen an error occurs in the embedded code or TMS portion

Syslog Messages303509-A Rev 00 B-5 Table B-2. TMS Syslog MessagesType Message MeaningWarning tms: could not parse request from <NAS_IP_address&g

Configuring and Troubleshooting Bay Dial VPN ServicesB-6 303509-A Rev 00Critical tms: RAS database not found This is a serious problem indicating th

Syslog Messages303509-A Rev 00 B-7 Notice tms: <domain/DNIS> RAS <NAS_IP_address> count already zeroThis message indicates a correction,

Configuring and Troubleshooting Bay Dial VPN ServicesB-8 303509-A Rev 00Error Messages in this category may include the following <reason> cod

Syslog Messages303509-A Rev 00 B-9 Error(continued)ppp:<port#>:DVS:tunnel registration failed: <reason>An error occurred during the tunn

303509-A Rev 00 C-1 Appendix CTroubleshootingThis appendix assumes that you have a working knowledge of Site Manager and the Remote Access Concentra

Configuring and Troubleshooting Bay Dial VPN ServicesC-2 303509-A Rev 00Preventing ProblemsThe suggestions that follow can help you anticipate and p

Troubleshooting303509-A Rev 00 C-3 5.Back up your files.Store backup copies of the configuration files on the Site Manager workstation. Use a log to

Configuring and Troubleshooting Bay Dial VPN ServicesC-4 303509-A Rev 00Troubleshooting WorksheetThis section poses the initial questions you should

Troubleshooting303509-A Rev 00 C-5 4.Are you using a workaround to prevent the symptoms from occurring? If so, what?________________________________

303509-A Rev 00xv PrefaceThis guide describes Bay Networks Dial Virtual Private Network (VPN) and what you do to start and customize Bay Dial VPN serv

Configuring and Troubleshooting Bay Dial VPN ServicesC-6 303509-A Rev 00Table C-1. Problem Symptoms and Likely CausesIf the symptoms are limited to

Troubleshooting303509-A Rev 00 C-7 Using the System Logs (syslogs) to Diagnose ProblemsThe Remote Access Concentrator provides two mechanisms for lo

Configuring and Troubleshooting Bay Dial VPN ServicesC-8 303509-A Rev 00• Displaying RAC statistics• Monitoring serial line activityYou can display

Troubleshooting303509-A Rev 00 C-9 If a software entity experiences a fault and fails to recover:a.Disable and reenable the port.Watch the event log

Configuring and Troubleshooting Bay Dial VPN ServicesC-10 303509-A Rev 003.Display and change configuration settings and statistics.You can use the

Troubleshooting303509-A Rev 00 C-11 • Screen Builder - Lets you build windows of statistics from scratch or customize statistics windows you copied

Configuring and Troubleshooting Bay Dial VPN ServicesC-12 303509-A Rev 005.Display the encapsulated packet statistics using the netstat - s command.

Troubleshooting303509-A Rev 00 C-13 7.Use Packet Capture to save data packets for later analysis.The Technician Interface Packet Capture tool allows

Configuring and Troubleshooting Bay Dial VPN ServicesC-14 303509-A Rev 009.Document each step you do in the troubleshooting process.An effective tro

Troubleshooting303509-A Rev 00 C-15 Troubleshooting Specific ProtocolsRead the following section if you have isolated the problem to a network proto

Configuring and Troubleshooting Bay Dial VPN Servicesxvi303509-A Rev 00braces ({}) Indicate required elements in syntax descriptions where there is mo

Configuring and Troubleshooting Bay Dial VPN ServicesC-16 303509-A Rev 00Table C-2. Remote Access Concentrator Troubleshooting ChartProblem/Symptom

Troubleshooting303509-A Rev 00 C-17 Hosts don’t appear in hosts display.The Remote Access Concentrator hosts command should list any hosts that broa

Configuring and Troubleshooting Bay Dial VPN ServicesC-18 303509-A Rev 00Network logins to BSD hosts are invisible.The Remote Access Concentrator us

Troubleshooting303509-A Rev 00 C-19 Remote Access Concentrator does not advertise updates.1. Is the RAC parameter routed set to N?2. Did you reboot

Configuring and Troubleshooting Bay Dial VPN ServicesC-20 303509-A Rev 00Remote Access Concentrator does not advertise updates.(continued)6. If your

Troubleshooting303509-A Rev 00 C-21 RAC does not receive updates.1. Are the routes really being advertised?Check whether other routers on the networ

Configuring and Troubleshooting Bay Dial VPN ServicesC-22 303509-A Rev 00Tracing a Packet’s Path at the Remote Access ConcentratorYou can use the pi

Troubleshooting303509-A Rev 00 C-23 Figure C-1. Network Topology for ping -t ExamplesGiven the topology in Figure C-1, the command:annex# ping –t 13

Configuring and Troubleshooting Bay Dial VPN ServicesC-24 303509-A Rev 00Troubleshooting Tunnel ProblemsSince the TMS is an extension of the proprie

Troubleshooting303509-A Rev 00 C-25 Operation and Troubleshooting Layer 2 TunnelsUse the log files to troubleshoot your network. The following descr

Preface303509-A Rev 00xvii Acronymsseparator ( > ) Shows menu paths. Example: Protocols > IP identifies the IP option on the Protocols menu. ver

Configuring and Troubleshooting Bay Dial VPN ServicesC-26 303509-A Rev 00Once the tunnel has been established, an entry is placed in the RAC’s Tunne

Troubleshooting303509-A Rev 00 C-27 The following example shows how you can display the configuration of the LNS using commands that the L2TP script

Configuring and Troubleshooting Bay Dial VPN ServicesC-28 303509-A Rev 00RADIUS session for line 300046 sending access request using identifier 1

Troubleshooting303509-A Rev 00 C-29 # 23: 03/16/98 15:32:27.597 TRACE SLOT 3 PPP Code: 63IPCP Rejecting Unknown option on circuit 46.The

Configuring and Troubleshooting Bay Dial VPN ServicesC-30 303509-A Rev 00[2:1]$ show l2tp statL2TP Statistics---------------Slot: 3 SCCRQ

Troubleshooting303509-A Rev 00 C-31 Listing the IP circuits configured on the box shows the entry that corresponds with the assigned network.[2:1]$

Configuring and Troubleshooting Bay Dial VPN ServicesC-32 303509-A Rev 00Accounting Log"03/16/1998","15:36:31","LNS_LABNOTE

303509-A Rev 00 Glossary-1 GlossaryAccess Control Protocol (ACP)Bay Networks software utility that provides a wide range of security features to An

Configuring and Troubleshooting Bay Dial VPN ServicesGlossary-2 303509-A Rev 00decapsulationStripping protocol-specific information from a data pack

Glossary303509-A Rev 00 Glossary-3 Internet Protocol (IP)Part of the TCP/IP suite of protocols defined in RFC 791. Describes the software responsibl

Configuring and Troubleshooting Bay Dial VPN Servicesxviii303509-A Rev 00ISO International Organization for StandardizationISP Internet Service Provid

Configuring and Troubleshooting Bay Dial VPN ServicesGlossary-4 303509-A Rev 00NCPNetwork Control Protocol. Software that manages the traffic betwee

Glossary303509-A Rev 00 Glossary-5 RIPRouting Information Protocol. A distance-vector protocol in the IP suite (used by IP and IPX network-layer pro

Configuring and Troubleshooting Bay Dial VPN ServicesGlossary-6 303509-A Rev 00Tunnel Management System (TMS)A database of IP tunnel management info

303509-A Rev 00Index-1AAccess Control Protocol log file, C-7Access Control Protocol server, 1-10Access Stack Node (ASN), 1-2accountinggateway and tunn

Index-2303509-A Rev 00configuringadjacent host, 8-6adjacent host and static route, 8-2Dial VPN, 1-7Remote Annex software, 4-1static route, 8-7congesti

303509-A Rev 00Index-3Events Manager, C-8Expedited Remote Procedure Call Daemon. See erpcdFfault event, C-8, C-9forwarding tables, saving, C-13frame r

Index-4303509-A Rev 00LNSBay Networks implementation, 2-5configuring, 8-13configuring router as, 8-13description, 1-12L2TP security, 2-7operating with

303509-A Rev 00Index-5primary_authentication_ server_addr, TMS parameter, 5-9primary_dynamic_address_assignment_server_addr, TMS parameter, 5-9problem

Index-6303509-A Rev 00sauth, TMS parameter, 5-9scope, 8-18Screen Builder tool, C-11Screen Manager tool, C-10, C-13secondary_accounting_server_addr, TM

303509-A Rev 00Index-7TMScommands, 5-4database, 5-1description, 3-4managing, 9-1Tunnel Management System, 1-10TMS database, 5-4alternatives, 5-13descr

Preface303509-A Rev 00xix Bay Networks Technical PublicationsYou can now print Bay Networks technical manuals and release notes free, directly from th

ii303509-A Rev 004401 Great America Parkway 8 Federal StreetSanta Clara, CA 95054 Billerica, MA 01821Copyright © 1998 Bay Networks, Inc.All rights res

303509-A Rev 00 1-1 Chapter 1Tunneling OverviewBay Networks Dial Virtual Private Network Services provides secure dial-access services for corporate

Configuring and Troubleshooting Bay Dial VPN Services1-2 303509-A Rev 00Dial VPN encapsulates multiprotocol data within an IP datagram. It then send

Tunneling Overview303509-A Rev 00 1-3 Dial VPN dynamically creates a tunnel when it connects to the remote node’s home network. One end point of the

Configuring and Troubleshooting Bay Dial VPN Services1-4 303509-A Rev 00Layer 3 TunnelingIn Layer 3 tunneling, the tunnel exists between the Network

Tunneling Overview303509-A Rev 00 1-5 How a Dial VPN Network FunctionsAny authorized remote user (using a PC or dial-up router) who has access to a

Configuring and Troubleshooting Bay Dial VPN Services1-6 303509-A Rev 00Figure 1-2. Dial VPN Network with Connections to Different Destination Types

Tunneling Overview303509-A Rev 00 1-7 For Bay Networks routers used with a Layer 3 Dial VPN tunnel, you must specify an adjacent host and a static r

Configuring and Troubleshooting Bay Dial VPN Services1-8 303509-A Rev 00The following considerations apply only to Layer 2 (L2TP) tunnels:• If the P

Tunneling Overview303509-A Rev 00 1-9 GatewayUsed only in Layer 3 networks, the gateway can be an ASN, BLN, BLN-2, BCN, or System 5000 MSX equipped

303509-A Rev 00iiiBay Networks, Inc. Software License AgreementNOTICE: Please carefully read this license agreement before copying or using the accom

Configuring and Troubleshooting Bay Dial VPN Services1-10 303509-A Rev 00Tunnel Management Server (TMS)The mechanism for identifying tunneled users

Tunneling Overview303509-A Rev 00 1-11 L2TP Access Concentrator (LAC)The L2TP access concentrator (LAC) resides at the ISP network. The LAC establis

Configuring and Troubleshooting Bay Dial VPN Services1-12 303509-A Rev 00Enterprise subscribers of this service must configure the CPE router to all

Tunneling Overview303509-A Rev 00 1-13 • Providing accounting services for corporate billingFor Layer 3 tunnels, the RADIUS client of this server re

Configuring and Troubleshooting Bay Dial VPN Services1-14 303509-A Rev 00DHCP ServerIf you implement the optional Dynamic Host Configuration Protoco

303509-A Rev 00 2-1 Chapter 2Dial VPN Layer 2 TunnelingThis chapter describes how a Layer2 Dial VPN tunnel functions. Among these concepts are how a

Configuring and Troubleshooting Bay Dial VPN Services2-2 303509-A Rev 00Figure 2-1. Layer 2 Tunnel Packet PathBuilding a Network for Layer 2 Tunneli

Dial VPN Layer 2 Tunneling303509-A Rev 00 2-3 2.Install and configure any intermediate nodes on the WAN.The WAN can include intermediate nodes. For

Configuring and Troubleshooting Bay Dial VPN Services2-4 303509-A Rev 00• The CPE router that is the end point of Layer 2 tunnels is configured as t

Dial VPN Layer 2 Tunneling303509-A Rev 00 2-5 Figure 2-2. L2TP Packet Encapsulation ProcessBay Networks L2TP ImplementationIn an L2TP tunnel, the Ba

iv303509-A Rev 00its own data and information and for maintaining adequate procedures apart from the Software to reconstruct lost or altered files, d

Configuring and Troubleshooting Bay Dial VPN Services2-6 303509-A Rev 00• The LNS performs user authentication with a RADIUS server to prevent unaut

Dial VPN Layer 2 Tunneling303509-A Rev 00 2-7 When the LAC receives a call, it forwards the domain name to the TMS. The domain name is the portion o

Configuring and Troubleshooting Bay Dial VPN Services2-8 303509-A Rev 00During tunnel authentication, the LNS identifies the L2TP client or LAC by c

Dial VPN Layer 2 Tunneling303509-A Rev 00 2-9 Figure 2-3. Tunnel Authentication Control MessagesAfter tunnel authentication is complete, it need not

Configuring and Troubleshooting Bay Dial VPN Services2-10 303509-A Rev 00RADIUS AccountingThe RADIUS server can provide accounting services in addit

Dial VPN Layer 2 Tunneling303509-A Rev 00 2-11 Remote Router ConfigurationIf the host at the remote site is a Bay Networks router, you may need to c

Configuring and Troubleshooting Bay Dial VPN Services2-12 303509-A Rev 00Examples of L2TP TunnelsFigure 2-4 shows an L2TP network that uses a LAC to

Dial VPN Layer 2 Tunneling303509-A Rev 00 2-13 Making a Connection Across an L2TP NetworkThe following steps explain how a remote user connects acro

Configuring and Troubleshooting Bay Dial VPN Services2-14 303509-A Rev 00When Does Dial VPN Tear Down the Tunnel?The LAC brings down the tunnel for

303509-A Rev 00 3-1 Chapter 3Dial VPN Layer 3 TunnelingThis chapter describes how a Layer 3 Dial VPN tunnel functions. Among these concepts are how

303509-A Rev 00 vContentsPrefaceBefore You Begin ...

Configuring and Troubleshooting Bay Dial VPN Services3-2 303509-A Rev 00Figure 3-1. Layer 3 Tunnel Packet PathBuilding a Network for Layer 3 Tunneli

Dial VPN Layer 3 Tunneling303509-A Rev 00 3-3 3.Install the software for the tunnel management server, Remote Access Concentrator, and (for the erpc

Configuring and Troubleshooting Bay Dial VPN Services3-4 303509-A Rev 0010.Make sure that the home network is configured to connect to the Dial VPN

Dial VPN Layer 3 Tunneling303509-A Rev 00 3-5 The Grant message contains the following information, which is stored in the TMS database:• Remote nod

Configuring and Troubleshooting Bay Dial VPN Services3-6 303509-A Rev 00How the TMS Database WorksThe TMS database (by default, UNIX ndbm) resides o

Dial VPN Layer 3 Tunneling303509-A Rev 00 3-7 Using DHCP for Dynamic IP Address AllocationThis method requires a DHCP server on the home/corporate n

Configuring and Troubleshooting Bay Dial VPN Services3-8 303509-A Rev 00DHCP discover request to the DHCP server on the home network, and the server

Dial VPN Layer 3 Tunneling303509-A Rev 00 3-9 Using RADIUS for Dynamic IP Address AllocationEach dial-in user retains exclusive uses of a unique IP

Configuring and Troubleshooting Bay Dial VPN Services3-10 303509-A Rev 00The BSAC (RADIUS) administrator at the customer’s site must enter one or mo

Dial VPN Layer 3 Tunneling303509-A Rev 00 3-11 Figure 3-3. Dial VPN Dynamic IP Address Management SequenceAt the start of service delivery, a client

vi 303509-A Rev 00RADIUS Accounting Server ...1-13DHCP Server ...

Configuring and Troubleshooting Bay Dial VPN Services3-12 303509-A Rev 00server, which sends back an acknowledgment that it has received the packet.

Dial VPN Layer 3 Tunneling303509-A Rev 00 3-13 If the TMS finds a match in its database for both the user and domain names, it determines that this

Configuring and Troubleshooting Bay Dial VPN Services3-14 303509-A Rev 00If the home network is configured to assign IP addresses dynamically using

Dial VPN Layer 3 Tunneling303509-A Rev 00 3-15 Figure 3-4. Packet Encapsulation and Decapsulation ProcessFlag FlagAddress Control Protocol Data FCS

Configuring and Troubleshooting Bay Dial VPN Services3-16 303509-A Rev 00How a Packet Moves Through a Dial VPN NetworkA data packet moves from a rem

Dial VPN Layer 3 Tunneling303509-A Rev 00 3-17 5.The CPE router decapsulates the frame relay or PPP packet and routes the data to the intended recip

Configuring and Troubleshooting Bay Dial VPN Services3-18 303509-A Rev 00The data packet travels from the home network to the remote node using a si

Dial VPN Layer 3 Tunneling303509-A Rev 00 3-19 When Does Dial VPN Tear Down the Tunnel?Dial VPN tears down the tunnel when any of the following situ

303509-A Rev 00 4-1 Chapter 4Configuring the Remote Access ConcentratorThis chapter describes how to use the command line interface (CLI) commands t

303509-A Rev 00 viiA Day in the Life of a Layer 3 Packet ...3-14How a Packet

Configuring and Troubleshooting Bay Dial VPN Services4-2 303509-A Rev 001.Install the RAC software.Use the installation script supplied for the RAC,

Configuring the Remote Access Concentrator303509-A Rev 00 4-3 set port ppp_ncp all (<---This could be set to ipcp and ipxcp.)The slip_ppp_securit

Configuring and Troubleshooting Bay Dial VPN Services4-4 303509-A Rev 004.Enable the appropriate options.To display the options that are enabled, us

Configuring the Remote Access Concentrator303509-A Rev 00 4-5 begin_session v120bearer datacalled_no <called_number>call_action v.120set mode

Configuring and Troubleshooting Bay Dial VPN Services4-6 303509-A Rev 00For a default route, the syntax is: route add<default> <next_hop>

Configuring the Remote Access Concentrator303509-A Rev 00 4-7 During the initial boot of the operational code, the ROM monitor requires the address

Configuring and Troubleshooting Bay Dial VPN Services4-8 303509-A Rev 00Configuring the RAC to Advertise RIP 1 and/or RIP 2 UpdatesBy default, activ

303509-A Rev 00 5-1 Chapter 5Configuring TMS and Security for erpcd NetworksIn a Dial VPN network, tunnel users are authenticated by a RADIUS server

Configuring and Troubleshooting Bay Dial VPN Services5-2 303509-A Rev 00Managing TMS Using the TMS Default DatabaseTunnel management in an erpcd-bas

Configuring TMS and Security for erpcd Networks303509-A Rev 00 5-3 The syntax of the command that creates a TMS entry is:tms_dbm add <domain>

viii 303509-A Rev 00Chapter 8 Requirements Outside the ISP NetworkConfiguring a Static Route and an Adjacent Host ...

Configuring and Troubleshooting Bay Dial VPN Services5-4 303509-A Rev 00Table 5-1 lists the tunnel management (tms_dbm) commands, and Table 5-2 list

Configuring TMS and Security for erpcd Networks303509-A Rev 00 5-5 All commands except add and help return an error if the entry is not found.rekeyC

Configuring and Troubleshooting Bay Dial VPN Services5-6 303509-A Rev 00Command ArgumentsThe tunnel management commands use common arguments to spec

Configuring TMS and Security for erpcd Networks303509-A Rev 00 5-7 ha=<ha_addr>Not used in Dial VPN. Supported only for compatibility with pre

Configuring and Troubleshooting Bay Dial VPN Services5-8 303509-A Rev 00hwtype=<hw_type>hwaddr=<hw_addr>hwalen=<hw_addr_len>hwtype

Configuring TMS and Security for erpcd Networks303509-A Rev 00 5-9 tutype=<tunnel_type>Specifies the type of tunnel to establish. For a Layer

Configuring and Troubleshooting Bay Dial VPN Services5-10 303509-A Rev 00acctp=<accounting_protocol>Specifies the accounting protocol used bet

Configuring TMS and Security for erpcd Networks303509-A Rev 00 5-11 passwd=<password>Relevant only for Layer 2 tunnels, this parameter specifi

Configuring and Troubleshooting Bay Dial VPN Services5-12 303509-A Rev 00Configuring Local Authentication Using the ACPDial VPN relies on the remote

Configuring TMS and Security for erpcd Networks303509-A Rev 00 5-13 For IPX, use the network and node address combination; for example:0013ABC0:0012

303509-A Rev 00 ixAppendix A Planning WorksheetBayDVS Network Planning Worksheet ...

303509-A Rev 00 6-1 Chapter 6Configuring the TMS Using Local RADIUSYou can configure the TMS database to use a RADIUS server on the service provider

Configuring and Troubleshooting Bay Dial VPN Services6-2 303509-A Rev 00The NAS uses RADIUS accounting messages to determine when the TMS tunnel to

Configuring the TMS Using Local RADIUS303509-A Rev 00 6-3 Figure 6-1. Message Exchanges Supporting RADIUS TMS OperationsLCP negotiateCHAP initiation

Configuring and Troubleshooting Bay Dial VPN Services6-4 303509-A Rev 00Using RADIUS AccountingThe NAS logs the tunnel-bound link sessions to the se

Configuring the TMS Using Local RADIUS303509-A Rev 00 6-5 Table 6-2 summarizes the user stop messages that the NAS sends to the provider’s RADIUS se

Configuring and Troubleshooting Bay Dial VPN Services6-6 303509-A Rev 00RADIUS Attributes That Support TunnelingThe RADIUS attributes that support T

Configuring the TMS Using Local RADIUS303509-A Rev 00 6-7 Table 6-4 lists the RADIUS attributes that the Layer 3 gateway supports.Table 6-4. RADIUS

Configuring and Troubleshooting Bay Dial VPN Services6-8 303509-A Rev 00TMS Parameters for erpcd-Based and All-RADIUS Tunnels While TMS operation is

Configuring the TMS Using Local RADIUS303509-A Rev 00 6-9 TMS System Log (Syslog) MessagesTMS writes its system and error messages to the system log