Branch Gateway supports EASG authentication for remote service logins. Branch Gateways, which are under service contract, do not have LSPs, and are controlled by external MGCs, need a remote connection of services. EASG is a more secure method of authentication than password authentication and does not require a static password.

EASG uses one-time tokens for authentication, in which a unique secret key is associated with each login. EASG authentication is a challenge-response mechanism. The remote user receives a challenge from the gateway and the user returns an EASG authenticated response that the gateway verifies before permitting access. A new challenge is used for each access attempt.

EASG authentication is supported for remote services connecting to the gateway using Telnet or SSH protocols. The remote logins could be via any of the following:

• Dial-up modem connected to the USB or Services port

• Frame relay or leased line

• Secure gateway VPN

• Direct connection to the front panel Services port using the craft login

When EASG authentication is enabled on Branch Gateway, Branch Gateway recognizes any login attempts that use Avaya Services reserved user names as service logins. Branch Gateway requests EASG authentication from the user instead of a static user password.

The following user names are reserved for Avaya Services usage: rasaccess, sroot, init, inads, and craft.

When EASG authentication is enabled on Branch Gateway, all user accounts with user names similar to the reserved service logins are deactivated.