Typical installations

Last Updated: Nov 06, 2012

The Branch Gateways were designed for small branch offices of a larger enterprise. Consequently, the same RAS may serve many branch offices, and, therefore, many Branch Gateways. A reasonable assumption is that not all branch offices would need modem dial backup at the same time. Therefore, the ratio of modem channels at the RAS to Branch Gateways at branch offices can be less than 1:1. There are several practical ways to configure the RAS server for use with modem dial backup Dialer interfaces:

  • The RAS can assign an IP address to the calling Branch Gateway. This requires the RAS to identify the calling gateway using the PAP/CHAP username, and install an appropriate static route to the branch office subnets accordingly. The username, password, and static route can be configured in an external RADIUS/TACACS+ server.

  • The RAS server can use OSPF to learn the branch office subnets. This is much simpler to configure as all branch offices can share the same username and password. The Branch Gateway is configured to advertise the branch office subnets with OSPF. This feature requires the use of unnumbered IP addresses at the Branch Gateway and the RAS. Since the Dialer and the primary interfaces are not expected to be up at the same time, the RAS server can use passive-OSPF-interface and the Branch Gateway can use static via routes.

  • The Branch Gateway can call an ISP RAS (which is likely to assign it a dynamic IP address) and open an IPSec VPN tunnel to an enterprise-owned VPN gateway.

While using OSPF and calling an ISP RAS are expected to be the most common scenarios, they involve complex interaction with IP routing and the remote RAS server. For more detailed configuration examples, see Application Note - VoIP Network Resiliency.
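For the first option above (per-gateway PAP/CHAP username with an assigned address and static route held in RADIUS), the following added example, which is not from the original page or from the vendor, builds the per-username reply attributes and refuses an inventory in which two usernames would claim the same address or overlapping subnets. It assumes a RADIUS server that reads FreeRADIUS-style `users` entries and a RAS that honors the RFC 2865 `Framed-IP-Address` and `Framed-Route` attributes; all usernames, addresses and subnets are constructed.

```python
import ipaddress

# Constructed inventory (assumption): PAP/CHAP username -> address the RAS
# assigns to the calling gateway, and the branch subnets behind it.
BRANCHES = {
    "branch-gw-01": {"ip": "10.255.0.1", "subnets": ["10.1.1.0/24"]},
    "branch-gw-02": {"ip": "10.255.0.2", "subnets": ["10.1.2.0/24", "10.1.3.0/25"]},
}


def validate(branches):
    """Reject inventories where two usernames would claim the same address space."""
    seen_ips = {}
    seen_nets = []  # (network, owning username)
    for user, cfg in branches.items():
        ip = ipaddress.ip_address(cfg["ip"])
        if ip in seen_ips:
            raise ValueError(f"{user} and {seen_ips[ip]} share address {ip}")
        seen_ips[ip] = user
        for text in cfg["subnets"]:
            net = ipaddress.ip_network(text)  # strict: host bits must be zero
            for other, owner in seen_nets:
                if owner != user and net.overlaps(other):
                    raise ValueError(f"{user} {net} overlaps {owner} {other}")
            seen_nets.append((net, user))


def radius_reply(user, cfg):
    """Reply attributes (RFC 2865) returned to the RAS for one gateway."""
    attrs = [
        ("Service-Type", "Framed-User"),
        ("Framed-Protocol", "PPP"),
        ("Framed-IP-Address", cfg["ip"]),
    ]
    # One Framed-Route per branch subnet: "<prefix> <gateway> <metric>"
    for text in cfg["subnets"]:
        attrs.append(("Framed-Route", f'"{ipaddress.ip_network(text)} {cfg["ip"]} 1"'))
    return attrs


def render(branches):
    """Render 'users' entries; the password is a placeholder, one per branch."""
    validate(branches)
    out = []
    for user, cfg in sorted(branches.items()):
        out.append(f'{user}\tCleartext-Password := "<PER-BRANCH-SECRET>"')
        out.append(",\n".join(f"\t{k} = {v}" for k, v in radius_reply(user, cfg)))
        out.append("")
    return "\n".join(out)
```

Calling `render(BRANCHES)` returns the text of the entries, one block per gateway username.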