Bay Networks Baystream 7 User Manual, Page 6

Concentric Network Corporation White Paper, Outsourcing Remote Access Services
10/1/1998 6
User/Tunnel Interaction
The following is a summary of the steps involved in establishing a connection over the
Concentric Network. This scenario assumes that RADIUS is the user authentication method and
the Authentication Server resides in the customer network:
1. The remote user invokes AccessFinder, finds and dials a local number, and the initial PPP
handshake begins with the Remote Access Server (RAS).
2. The user is logged in to the RAS using a combination of user name and domain name, along
with their password. (Example: [email protected]).
3. The RAS queries a Tunnel Management Server (TMS) with the domain name to find a
matching entry in the database.
4. If the entry is found, the TMS responds to the RAS with the information necessary to build an
IP “Tunnel” between the dial port and a specific Frame Relay port, identified by a Data Link
Connection Identifier (DLCI).
5. The RAS then sends a registration message including the DLCI, user name, password, and
the IP address of the customer’s authentication server to the gateway node. A secure
cryptographic handshake is performed between the RAS and the gateway node to verify the
identity of each.
6. The gateway sends out a RADIUS access request message to the specified authentication
server. The request message is encrypted between the gateway and the authentication
server.
7. The gateway then passes a RADIUS authentication acknowledgment to the RAS to complete
the authentication.
8. The connection is established, the tunnel is then built, and data begins to pass through the
network.
9. The tunnel exists until the connection is dropped; the gateway router then sends a RADIUS
accounting disconnect message so that the IP address can be reassigned.
Security of Concentric RemoteLink
The RemoteLink™ service has been designed to provide a high degree of security. In terms of user
authentication, remote users are assigned user IDs and passwords, which are authenticated against
the customer's RADIUS server. Concentric supports time-synchronous handheld user authentication
tokens (tokens not requiring a challenge) via an extension to the RADIUS server. There is also a
cryptographic authentication handshake between the entry RAS server and the gateway router to
verify the identity of each device to the other. Finally, the user ID and password are encrypted
using a shared secret between the RADIUS proxy in Concentric's network and the RADIUS server at
the customer premises.
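Steps 5 through 7 above and the shared-secret sentence in this section describe RADIUS proxying between Concentric's gateway and the customer's RADIUS server. The following is an added example, not part of the white paper, showing how RFC 2865 hides the User-Password attribute with the shared secret and the Request Authenticator, and what a device on the path sees without the secret (every other attribute, including the user name, is in clear text). The user name, secret and authenticator values are constructed for the example.

```python
import hashlib
import struct

# RFC 2865 codes (standard values)
ACCESS_REQUEST, USER_NAME, USER_PASSWORD, HEADER_LEN = 1, 1, 2, 20


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to a 16-byte multiple, then XOR each block with
    MD5(secret + previous ciphertext block), seeded by the Request Authenticator."""
    padded = password.ljust(((len(password) + 15) // 16) * 16 or 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo hide_password with the same shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(user: bytes, password: bytes, secret: bytes,
                         authenticator: bytes, ident: int = 1) -> bytes:
    """Access-Request as the gateway (RADIUS proxy) sends it to the customer server.
    The authenticator must be 16 random bytes, fresh for every request."""
    hidden = hide_password(password, secret, authenticator)
    attrs = struct.pack("BB", USER_NAME, 2 + len(user)) + user
    attrs += struct.pack("BB", USER_PASSWORD, 2 + len(hidden)) + hidden
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, HEADER_LEN + len(attrs))
    return header + authenticator + attrs


def parse_packet(pkt: bytes):
    """What an observer without the secret sees: code, id, authenticator and
    every attribute in clear; only the User-Password value is opaque."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    attrs, pos = {}, HEADER_LEN
    while pos < length:
        atype, alen = pkt[pos], pkt[pos + 1]
        attrs[atype] = pkt[pos + 2:pos + alen]
        pos += alen
    return code, ident, pkt[4:20], attrs
```

In a deployment like the one described, the shared secret between proxy and customer server is the only thing protecting the password on the path, so it should be long, random and different per peer.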
The tunneling technology used by RemoteLink™ provides further security, by hiding the existence of
the customer’s network from the Concentric network, and the Internet. No routes to the customer
network are advertised on Concentric’s network, or the Internet.
Because the data transmitted from end users to their corporate LAN is sent entirely on Concentric's
nationwide network, data privacy is no more or less an issue than on a typical private network. This is in
contrast to other VPN solutions, where the data is transmitted over the Internet and encryption is
effectively mandatory.