Data Sheet VPN Access 250
20.1.2005
Multifunctional like
your company and
with sophisticated
technology to meet
your demands:
the new
VPN Access devices
from Bintec.
Outstanding IPSec implementation provides you with a high-end
solution for your VPN, packed with a wide range of security
mechanisms.
With the VPN Access Line, Bintec presents a new generation of VPN Gateways. All of the previous
advantages of Bintec devices are included. The new VPN Access devices are optimised for high availability
use in a VPN environment. Higher performance CPUs and more memory makes the products "Future
Proof". IPSec and PPTP encryption is already enabled. There is no need for the separate purchase and
activation of licenses. In addition, there are many new features included in the new VPN Access product
line.
Load Balancing
For all the devices in the VPN Access line with three Ethernet interfaces, it is possible to configure two of the
three interfaces as WAN interfaces. This not only provides more bandwidth, it also gives you the opportunity
of distributing your data traffic on the individual lines, depending on the load or the data type. In this way,
one of the lines can take care of all the traffic into the Internet, while the second line is dedicated to VPN
traffic. The second WAN port can use a second ADSL or even an SDSL line to take care of your company's
other data traffic. This switchover is performed seamlessly and the user will not notice a thing.There is even
an option to set up a backup via an ISDN, an analogue or a GSM modem.
Extensive backup options
A VPN helps you to exchange businesscritical data between
different company locations securely and at an affordable price.
And so it is all the more important that communication is
always guaranteed.
In this case, Bintec offers a wide variety of automatic
mechanisms. If two WAN lines are active, for example, then
one can take over the entire data transfer for the other, should
a malfunction occur. If both lines break down, the VPN traffic
can be automatically forwarded via the integrated ISDN modem
(VPN Access 5 excepted). This switchover is performed
seamlessly and the user won’t notice a thing. And there is even
an option to set up a backup via an analogue or a GSM
modem.
Device redundancy
If the device itself should malfunction, it is possible to forward data exchange automatically to a second
device. Thanks to our Bintec Router Redundancy Protocol (BRRP), two devices can be operated
redundantly and act as one device in the LAN. In addition to their own IP and MAC address per interface,
they both also have a common virtual IP and MAC address. This address is entered as the standard
gateway in all the computers in the LAN. The two VPN devices communicate using the Bintec protocol.
Should one device malfunction, the other would automatically take over the entire data traffic.
Secure encryption
The Bintec IPSec implementation offers everything that customers wish for. In addition to numerous
methods of encryption, including the brand-new AES ("Advanced Encryption Standard"), Bintec offers the
VPN Access product line with encryption codes up to 256 bits in length. This means that your enterprise will
be ready to meet the demands of tomorrow today.
Certificate support
Of course, our devices are not limited to working with just preshared keys; they function with certificates as
well. This means you can build a public key infrastructure for the greatest possible security and the greatest
flexibility in the daily operation of your VPN. Thus, direct intervention to secure the system – when your staff
changes or a VPN device is stolen – is only required at one central location. This makes your administration
easier, increases security and reliability and reduces the costs at the same time.
(By the way: the Governmental Organisations for Security in Information Technology recommend the use of
certificates.)
VPN with dynamic IP addresses
The Bintec IPSec implementation supports the building of VPN tunnels right from the beginning – even with
dynamic IP addresses.As such, the central office with a static IP address can use a free ISDN callback
process to have each branch office build a tunnel. This makes small branch locations permanently available,
even if they are not online all the time.And even if both VPN parties have dynamic IP addresses, there is
nothing to stand in the way of their communication with the Bintec solution. The IP addresses are exchanged
via Dynamic-DNS service providers in the Internet or intranet.
Save costs with data compression
To save costs, data compression was used on conventional ISDN lines in the past to increase data
throughput considerably. And of course, the same applies to VPN connections. However, it is not possible to
use such conventional data compression processes as VJHC, STAC or MPPC on IPSec packets. This
would alter the packets so that the communications partner would identify this as a hacker attack and reject
the incoming packets. The remedy to this problem is the IPCOMP process, which all the Bintec VPN Access
products support. IPCOMP does not increase the bandwidth of the connections; depending on the type of
data, it reduces the data quantity by a factor of ten. And even if we assume a factor of only two, this would at
least halve the costs for volume-based transmission rates.
>> Software Features
>TCP/IP routing
Routing information updating and distribution, static or dynamic (RIP v1/v2/triggered, RFC
2091), selectable for each interface, ProxyARP, BOOTP/DHCP forwarding
>OSPF
Static/dynamic updating and distribution of routing information
>Bridging
Spanning Tree & Transparent Mode
>QoS
Quality of Service with DiffServ and shaping: breakdown of IP data traffic into classes with
different priorities, optimized queue handling and shaping as per these priorities
> BRRP
Bintec Router Redundancy Protocol, back up a service offered by a single physical router to a
LAN (Virtual Router)
> IP load balancing
Bandwidth management
>BoD
Bandwidth on Demand: Scalable bandwidth to suit data traffic load
> AUX backup
Backup via GSM, GPRS or analogue modem
> PPP
Authentication mechanisms (PAP, CHAP, MS-CHAP, MS-CHAP v2), standard PPP, channel
bundling over Multilink PPP (ML-PPP), transparent mode, dynamic IP address assignment
(server and client mode)
> PPPoE
Point-to-Point Protocol over Ethernet (Client and Server) for high-speed Internet access over
xDSL (RFC 2516)
> Dyn. IP addresses
Simple Internet access without fixed IP addresses
> Operating systems
Support from DOS, Windows 3.x/95/98/NT/ME/2000/XP, UNIX, Macintosh and Novell
> ISDN accounting
Call detail recording, number, charging information, ...
> IP accounting
Source, destination, port, interface, packets/bytes counter
> Event Scheduler
Budgets based on data volume or based on time
>Short hold
Static and dynamic short hold saves connection costs through automatic call clearing
> Keep Alive
Monitoring
Saves costs by only allowing a connection to be set up if configurable IP addresses can be
reached
> MPPC
Software data compression also in combination with MPPE (Microsoft Point to Point
Encryption), free-of-charge licence nessecary
>STAC
Compression for PPP connections, free-of-charge licence nessecary
> Cost of ownership
Minimum, e.g. full remote administration
>> ISDN Interface
> ISDN protocols
Euro-ISDN and other national ISDN protocols
> Dialup and leased
lines (BRI)
Leased lines supported: D64S, D64S2, TS02, D64S2Y
> B-channel protocols
Excellent interoperability with other manufacturers (Raw HDLC, CISCO HDLC, X.75)
> PPP, ML-PPP
(See Software)
> Multi-CAPI
Optional: CAPI 2.0 with CAPI user concept (password requested for CAPI use) permit direct
access to services such as fax and e-mail
> Bit rate adaptation
V.110 (1,200 up to 38,400 bps), V.120 up to 57,600 kbps (HSCSD) for connection to GSM
subscribers
>> Hardware Features
> RISC architecture
PCB 750 FX, 733 MHz RISC processor with 64 MB RAM
> Flash ROM
2 MB on board
> Smart Media Flash
Card
2 x SMFC slots for 16-MB cards, 1 x built in and 1 x external (optional)
> LAN / WAN
3 x 10/100 Mbps Ethernet twisted pair, autosensing
>ISDN
1 x BRI, 2 B-channels
>Console
Serial console port: RS 232 C, 8-pole Mini-DIN, 1,200 bps - 115 kbps
> Power supply
Internal power supply 100 - 240 V AC
> Metal housing
Available
>19-inch
Suitable for mounting in 19-inch cabinet, incl. 19-inch installation kit
>MTBF
Long lifetime (at 40 °C > 65,000 h)
> Dimensions
Approx. 440 x 42 x 273 mm (W x H x D)
>Weight
Approx. 2,915 g
>> Security
>NAT/PAT
Network & Port Address Translation / Stateful Packet Inspection: Isolation of complete
network from public access
> CLID and callback
Calling Line Identification (CLID), callback
> Access lists
Filtering of IP packets according to different criteria (source, destination, port and interface)
> Stateful Inspection
Firewall
filtering with monitoring and interpretation of the status of the individual connections
> RADIUS
Central check of access authorization at a RADIUS server (PPP and Login Authentication)
> Authentication
PPP mechanisms (see Software)
> H.323 proxy
Protection of the Intranet (e.g. by NAT)
>VLAN
Network nodes in different network segments behave like a arbitrary group connected to the
same network segment
> Encryption for PPP
MPPE up to 128 bit other up to 168 bit
> VPN - IPSec
inclusive, with a max. of 250 simultaneous tunnels
> VPN - IPSec
Powerful encryption up to 256 bits (DES, 3DES, CAST, Blowfish, Twofish, AES)
> VPN - PPTP
With PPTP
> VPN - PPTP
Strong encryption up to 128 bits (MPPE), up to 168 bits (DES/3DES, Blowfish)
> DynDNS / DynVPN
Router can still be reached over the Internet in spite of dyn. IP address
> IKE for IPSec
Pre-Shared Keys and X.509 certificate support
> X.509
X.509 v1/v3 certificates (PKCS#7/8/10, CLRs, SCEP)
> QoS for IPSec
Available
> PKI Support for
IPSec
Available
> NAT Traversal for
IPSec
Available
>IPCOMP
IP Compression
> Hardware
Encryption
Not Available
>> Maintenance and Service
> ISDN logging
ISDN event & system logging: recording of all relevant connection data, e.g. intrusion
attempts
>SNMP
Complete management with MIB-II, Enterprise MIB, inclusive SNMP management software
for Windows (DIME Tools and Browser)
> SSH login
Secure connections for terminal applications
> Local / remote
administration
Complete configuration and maintenance, local and remote, over Ethernet, ISDN Login or
serial interface
> Trace / debugging /
monitoring
Traces for ISDN B-/D-channel, R-CAPI traces, Ethernet traces, reason for call break, ISDN
signaling information
> Email alert
Available
> DHCP
Server and client for simplified configuration for TCP/IP
> Setup Tool
Integrated, menu-based, intuitive setup program, standard for the whole Bintec product
portfolio
> HTML Setup Tool
HTML interface accessible through a Java Script enabled browser
> H.323 gatekeeper
Communication control between gateway and H.323 terminals
> XADMIN
Roll out tool for larger router installations (IP and ISDN)
> Activity Monitor
Controls router activities from each LAN PC
> Documentation
Complete toolset and documentation on CD
> Guarantee
2-year manufacturer's guarantee
Bintec Access Networks GmbH - Suedwestpark 94 - D-90449 Nuremberg
Phone: +49 - 180 300 9191 0
Fax: +49 - 180 300 9193 0
E-Mail: [email protected] - www.bintec.net
Data Sheet VPN Access 250
20.1.2005
Subject to technical alterations
-
1
-
2
-
3
-
4
Ask a question and I''ll find the answer in the document
Finding information in a document is now easier with AI
Related papers
Other documents
-
Bintec-elmeg 24511 Datasheet
-
-
Teldat 5510000265 Datasheet
-
-
-
-
-
-
Teldat bintec RXL12100 Installation guide
-
Abocom FT128MX User manual