Avaya Configuring and Troubleshooting Bay Dial VPN (DVS) Networks User Manual, Page 30

Configuring and Troubleshooting Bay Dial VPN Services
1-10 303509-A Rev 00

Tunnel Management Server (TMS)

The mechanism for identifying tunneled users is the TMS database, which resides
on the tunnel management server (TMS).

For Layer 3 tunnels, the NAS retrieves the tunnel configuration attributes from its
TMS database residing on the tunnel management server and uses them to build a
tunnel into the customer’s network. Once the tunnel is open, the user can be
authenticated at the customer’s network.

Tunnel management can be either RADIUS or erpcd-based.

  • In the RADIUS method, a RADIUS server resides at the service provider site
    and manages the TMS database. The NAS and the RADIUS server
    communicate using IP over the service provider network. Only Layer 3
    tunnels can use this method.
  • In the erpcd-based method, the TMS hosts a database application (the Tunnel
    Management System) that controls the IP tunnel establishment attempt from
    the NAS. The TMS runs on the same UNIX host as the Access Control
    Protocol (ACP) software. The NAS and the TMS communicate using the Bay
    Networks proprietary Expedited Remote Procedure Call Daemon (erpcd or
    Secure erpcd). Both Layer 3 and Layer 2 tunnels can use this method.

In either method, the NAS queries the TMS database for the addressing
information it needs to construct the IP tunnel. This query is based on the user
domain name and on the policy and state information of the enterprise customer
account when the remote user dials in. As a Dial VPN network administrator, you
must provide the user domain and tunnel addressing information to the TMS
database for each enterprise customer. Chapter 5 and Chapter 6 describe the
commands you can use to provision the default TMS database.
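
The domain-keyed lookup described above, as an added example that is not taken from the Bay Networks manual or software. The record fields, the sample domains and addresses, and the function names are assumptions made for illustration; the real TMS database is provisioned with the commands in Chapters 5 and 6.

```python
from dataclasses import dataclass

@dataclass
class TmsEntry:              # hypothetical record layout, not the real TMS schema
    tunnel_type: str         # "L3" or "L2"
    endpoint: str            # tunnel end point address for this customer
    enabled: bool            # policy: may this customer account tunnel at all
    max_users: int           # policy: assumed per-account tunnel user limit
    active_users: int = 0    # state: users currently tunneled

# Constructed sample database keyed by user domain (documentation addresses).
TMS_DB = {
    "example.com": TmsEntry("L3", "192.0.2.1", True, 2),
    "example.net": TmsEntry("L2", "198.51.100.7", False, 10),
}

def split_domain(username):
    """Return the lowercased domain of user@domain, or None if malformed."""
    user, sep, domain = username.rpartition("@")
    if not sep or not user or not domain:
        return None
    return domain.lower()

def tms_lookup(db, username, method):
    """Return (endpoint, tunnel_type) for a dial-in user, or None to refuse."""
    domain = split_domain(username)
    entry = db.get(domain) if domain else None
    if entry is None:
        return None                       # unknown domain: no tunnel is built
    if method == "radius" and entry.tunnel_type != "L3":
        return None                       # RADIUS method carries Layer 3 only
    if not entry.enabled or entry.active_users >= entry.max_users:
        return None                       # policy or state forbids the tunnel
    entry.active_users += 1               # record the new tunnel user
    return entry.endpoint, entry.tunnel_type
```

Every refusal path returns None before any addressing information is handed back, so a malformed user name or an unprovisioned domain never yields a tunnel end point.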

ISP Network Components for Layer 2 Tunnels

The following sections describe the components of a network with Layer 2
tunnels. A network with Layer 2 Dial VPN tunnels also has a NAS (which may
function as either a LAC or a RAS) and a tunnel management server. The edge
router, however, does not function as a gateway; rather, the tunnel end point is the
CPE router on the customer’s home network. The network itself can have
additional components. This description pertains only to those relevant to Layer 2
tunneling.