Product Bulletin Nortel VPN Router 2700

Chia sẻ: Nguyen Tien Lich | Ngày: | Loại File: PDF | Số trang:4

Thêm vào BST

Báo xấu

125
lượt xem 8
download

Download Vui lòng tải xuống để xem tài liệu đầy đủ

The rise of the Internet provides enterprises with a unique opportunity to realize cost savings in their internal and external communications. But the Internet was not designed with security in mind. Enterprises with mission-critical Internet applications must secure the data they transmit, as well as protect their internal networks from outside intrusion. The Nortel VPN Router 2700 is an ideal solution for large enterprises that want to extend secure remote access to many teleworkers or remote sites. ...

Chủ đề:

Bình luận(0) Đăng nhập để gửi bình luận!

Lưu

Nội dung Text: Product Bulletin Nortel VPN Router 2700

Product Bulletin Nortel VPN Router 2700 Delivering security The VPN Router 2700 is an ideal solu- for the Internet tion for enterprises that require secure, high-performance connectivity to the The rise of the Internet provides Internet or managed IP networks. enterprises with a unique opportunity Designed for larger regional or head- Nortel VPN Router 2700 to realize cost savings in their quarters sites, the VPN Router 2700 internal and external communications. provides IP routing, Virtual Private But the Internet was not designed hensive set of secure IP services, along Networking (VPN), stateful firewall, with security in mind. Enterprises with with hardware-based encryption acceler- encryption, authentication and band- mission-critical Internet applications ation, the VPN Router 2700 allows width management in a single inte- must secure the data they transmit, enterprises to deploy needed services grated platform. as well as protect their internal today with the ability to easily add new networks from outside intrusion. The As a modular solution, the VPN Router ones in the future. Nortel VPN Router 2700 is an ideal 2700 flexibly addresses enterprise needs A variety of LAN/WAN interface solution for large enterprises that for secure Internet connectivity, including options enables the VPN Router 2700 to want to extend secure remote access VPN communications, stateful fire- act as the all-in-one “IP edge” solution to many teleworkers or remote sites. walling and IP routing. With a compre- for secure connection to the Internet or IP network. It offers high-speed LAN (10/100/1000 Mbps) as well as compre- hensive WAN options — T1, V.35/X.21, ISDN, V.90 and HSSI — as well as Frame Relay support for flexible connectivity.
Modular platform for As a market leader in IP Virtual Private existing routing infrastructure. And flexible expansion Networking (IP-VPN), Nortel’s VPN support for LDAP, RADIUS and X.509 Router family has been delivering on digital certificates enables the VPN The VPN Router 2700 offers three the promise of secure end-to-end VPNs Router to interoperate with existing expansion slots that can be used to inte- for years. The VPN Router 2700 delivers authentication and/or directory systems. grate a range of hardware options. These these market-leading VPN capabilities, include both 10/100 Mbps and Gigabit Ethernet, V.35, T1/E1, ISDN, V.90, whether for remote VPN client access or Comprehensive management ADSL and HSSI interfaces for fan-out in support of branch or remote site services VPNs to other VPN Router devices. The VPN Router 2700 offers compre- and back-up purposes. hensive management services common Low total cost of ownership Flexible IP services across the product line. These include As a standards-based solution, the VPN the VPN Router Multi-element Manager, With its high-performance design, inte- Router 2700 series can interoperate with a centralized provisioning solution for grated LAN and WAN interfaces, and existing routing, authentication, direc- up to 2,500 VPN Router devices which wide variety of secure IP services, the tory and security systems and can bridge can store and automatically update VPN Router 2700 is a cost-effective the transition to new IP services. remote VPN Router devices. Device solution for large enterprise sites, management also includes Web-based including regional site and/or head- It can be deployed as an Internet access and command-line configuration utilities, quarters environments. A single VPN device, secure VPN gateway or firewall SNMP monitoring and alerts, as well as Router 2700 offers a range of services solution and be easily upgraded with a rich set of security and system logging (e.g., router, VPN gateway, stateful fire- additional services. Advanced routing tools that let administrators track all wall) that would otherwise require software (e.g., OSPF, RIP) enables the transactions and events. multiple discrete devices to deliver. VPN Router to interoperate with Furthermore, new IP services can be easily added. The VPN Router 2700 can be deployed as a VPN gateway, Key VPN Router 2700 features/benefits router or firewall and new IP services Features Benefits can be later added via a software license Extensive VPN and Broad support for site-to-site and remote access IPSec VPNs, key — simplifying the upgrade process. security capabilities as well as extensive authentication options, wire-speed encryption (3DES and AES), stateful firewall and Denial of Service (DoS) protection Security by design Modular WAN and Direct connection to a wide area network without requiring The VPN Router 2700 series incorporates LAN I/O separate router or access device; additional I/O slots enable multiple WAN or LAN cards for back-up and/or expansion the same Secure Routing Technology purposes (SRT) framework available across the Dial back-up and Automatic connection over a dial back-up link (e.g., V.90 or VPN Router product line. SRT tightly Dial-on-Demand ISDN) if primary Internet (IP) connection should fail — or, same integrates security and IP services within services link can be used as primary WAN option in order to save cost a single VPN Router device and enables VoIP-friendly Advanced QoS and integrated SIP application layer gateways (ALGs) ensure the secure and reliable transport of VoIP traffic, a consistent security structure across including transport across VPN Router NAT and stateful those services. This provides scalability firewall boundaries and high performance even when Stateful packet High-performance firewall license provides network perimeter running multiple IP services in the same firewall protection without requiring purchase of a separate standalone device device. SRT further delivers key features Advanced routing OSPF, BGP, VRRP and bandwidth management services allow — such as dynamic routing over IPSec- design of robust, high-performance and highly available IP-VPN based VPN tunnels, common security networks that can scale policies across VPN, routing, and fire- Hardware encryption Improved VPN throughput through dedicated acceleration wall services, and a flexible licensing accelerator hardware scheme that enables new IP services to be turned up on demand. 2
Technical specifications — features and capabilities Nortel VPN Router Model 2700 IP Services • RIPv1/v2, OSPFv2, BGP-4 • Dynamic Routing over IPSec (RFC 3884) • 802.1Q VLAN routing • Policy-based routing (next hop traffic filters) • IGMP (v2/v3) Proxy • DHCP • Virtual Router Redundancy Protocol (VRRP) • Data Link Switching (DLSw); SNA encapsulation within IP • NAT (Cone, PAT), including NAT translation for branch and client tunnels VPN Tunneling • IPSec, including authentication header (AH), encapsulating security protocol (ES) and Internet key exchange (IKE) Protocols • Point-to-point tunneling protocol (PPTP), including compression and encryption • Layer 2 Tunneling Protocol (L2TP), including L2TP/IPSec Encryption • Data Encryption Standard (DES) • Triple DES (3DES) using 3 independent 56-bit keys; 168-bit key length (effective strength of 128 bits) • Advanced Encryption Standard (AES); 128-bit and 256-bit versions User Authentication • X.509 Digital Certificates, Smart Cards (support for all major vendors and MS-CAPI), Common Access Card (CAC) Services • 4096-bit certificates, Certificate Revocation List (CRL), On-line Certificate Status Protocol (OCSP) (RFC2560) • Remote authentication dial-in user services (RADIUS) • Hard and soft token support (e.g., SecureID and AXENT) • User name and password and NT Domain Login • Internal or external lightweight directory access protocol (LDAP) WAN Protocols • Point-to-Point Protocol (PPP); including PPP over Ethernet (PPPoE) and Services • Frame Relay (including FRF.9 compression and FRF.12 fragmentation) • ADSL (G.DMT, G.Lite, ANSI T1.413) with support for PPP and PPPoE over ATM • Dial-on-demand and dial back-up services via integral V.90 modem or ISDN Bandwidth • User and group-level configurable minimum bandwidth settings Management; • DiffServ (Differentiated Services) with code point marking QoS • 802.1p/DSCP (Differentiated Services Code Point) mapping • Multi-level Random Early Detection (MRED) • Resource Reservation Protocol (RSVP) VoIP-friendly • Secure IPSec transport of VoIP traffic features • SIP Application Layer Gateway (ALG) for NAT and stateful firewall • Cone NAT (for Nortel Unistim protocol) with NAT “hairpinning” • FRF.12 fragmentation Data Compression • IPComp (RFC 3173) for encrypted and non-encrypted traffic • FRF.9 Frame Relay compression Accounting • Event, system, security and configuration logging • Internal and external RADIUS accounting • Automatic archiving to external system Management • Supports browser-based configuration; or Nortel Command Line Interface • Optional Nortel VPN Router Multi-Element Manager for provisioning of up to 2,500 VPN Router devices • Supported by Nortel’s Network Resource Manager • Easy Install utility for simple remote VPN Router set-up • SNMP monitoring and alerts • SSL, SSH, SFTP management access • Three levels of administrator access; role-based management to separate service provider and end-user Stateful Firewall • Multi-layers stateful packet inspection supporting over 100 network application filters, including TCP, UDP, FTP, HTTP, H.323, RealAudio, Java and ActiveX • Extensive and customizable logging options • End-user authentication with Tunnel Guard • Unlimited firewall users and policies for tunneled and non-tunneled traffic Nortel VPN Client • IPSec (with DES, 3DES and AES encryption) • Microsoft Windows 2000, XP and Vista-based clients • Macintosh and Linux via software license Endpoint security • Tunnel Guard enforces security policies on endpoint PCs by checking for anti-virus, personal firewall or any application soft- ware (e.g., patches) before allowing VPN connection; support for pre-defined security policies Certifications • ICSA (International Computer Security Association) certification (IPSec 1.2 enhanced) • FIPS 140-2 (Federal Information Processing Standard for Security) for VPN Client and Server • Virtual Private Network Consortium (VPNC) Basic Conformance Testing (IPSec) • Common Criteria EAL-4+ 3
Technical specifications — physical and operational VPN Router 2700 — up to 2000 VPN Tunnels Components • Software • Memory VPN Bundle (max tunnels) — Standard — 256 MB — VPN Router O/S with 500 VPN tunnels and IP routing (RIPv2) — Maximum — 512 MB — VPN Client for MS-Windows with unlimited distribution license • 1.33 GHz processor Secure Router Bundle • Three PCI expansion slots — VPN Router O/S with 5 VPN tunnels and IP routing (RIPv2) • LAN/WAN Interface Options — VPN Client for MS-Windows with unlimited distribution license Standard Optional licenses — 2 x 10/100BaseT Ethernet ports — Stateful firewall — Management/Console Port (DB-9) — Advanced routing (OSPF, VRRP, bandwidth management) Optional — Premium routing (Advanced routing plus BGP-4) — 10/100 Base-T Ethernet — Data Link Switching (DLSw) — 1000 Base-SX/T (GigE) Ethernet — VPN Tunnel upgrade (from 5 to 500 tunnels) for Secure — 1-port V.35/X.21 serial Router bundle — 1-port T1/E1 — VPN Client for MAC and UNIX — 4-port T1/E1 Physical — ISDN BRI (S and T interface) Length: 21 in. (53.3 cm) Width: 17.25 in. (43.8 cm) — V.90 modem Height: 5.25 in. (13.3 cm) — ADSL Weight: 28.0 lb (12.7 kg) — High-Speed Serial Interface (HSSI) Operating environment — 56/64K CSU/DSU Electrical: 90-264 VAC, 2.0A @ 90 VAC, 47-63 Hz • Encryption accelerator card (option) Temperature: 32-104F (0-40C) Relative humidity: — 10-90% noncondensing — 819 BTU/hour @ 240 VAC Regulatory approvals Safety: CSA 22.2 No. 60950, UL 60950, EN/IEC 60950 EMC: (CE) EN55022, Class A, EN55024 including EN61000-3-2 and EN61000-3-3 CISPR22 (including AN/NZS), FCC Part 15 Class A (US), ICES-003 (Canada), VCCI (Japan) Nortel is a recognized leader in delivering communications capabilities that make the In the United States: promise of Business Made Simple a reality for our customers. Our next-generation Nortel 35 Davis Drive technologies, for both service provider and enterprise networks, support multimedia Research Triangle Park, NC 27709 USA and business-critical applications. Nortel’s technologies are designed to help eliminate today’s barriers to efficiency, speed and performance by simplifying networks and In Canada: Nortel connecting people to the information they need, when they need it. Nortel does busi- 195 The West Mall ness in more than 150 countries around the world. For more information, visit Nortel Toronto, Ontario M9C 5K1 Canada on the Web at www.nortel.com. For the latest Nortel news, visit www.nortel.com/news. In Caribbean and Latin America: For more information, contact your Nortel representative, or call 1-800-4 NORTEL Nortel or 1-800-466-7835 from anywhere in North America. 1500 Concorde Terrace Sunrise, FL 33323 USA Nortel, the Nortel logo, Nortel Business Made Simple and the Globemark are trade- marks of Nortel Networks. All other trademarks are the property of their owners. In Europe: Nortel Copyright © 2008 Nortel Networks. All rights reserved. Information in this document Maidenhead Office Park, Westacott Way is subject to change without notice. Nortel assumes no responsibility for any errors Maidenhead Berkshire SL6 3QH UK that may appear in this document. Email: euroinfo@nortel.com In Asia: NN100581-122208 Nortel United Square 101 Thomson Road Singapore 307591 BUSINESS MADE SIMPLE Phone: (65) 6287 2877