Wiley Nortel Guide to VPN Routing for Security and VoIP, Part 2 (doc)


Hardware Interface Options

Many of the Nortel VPN Routers discussed so far have optional equipment that can be supported. This section discusses some of these optional modules and what each one can offer.

Peripheral Component Interconnect Expansion Slots

The Peripheral Component Interconnect (PCI) is a computer-based standard that specifies the subsystem that provides for the transfer of data between multiple computer components. PCI devices can be the circuits that are installed on a computer motherboard, as well as expansion modules that fit into expansion slots on a computer motherboard. By providing these expansion slots and developing the separate expansion modules, users gain more flexibility in choosing the functions that are (and will be) available to them.

10/100Base-T Ethernet

The Ethernet standard is a networking technology that was developed to define wiring and signaling required in a LAN to transfer data. Ethernet became popular in the 1990s and has become the most widely used networking technology in most LANs today.

The 10/100Base-T Ethernet module’s name can be broken down as follows:

■■ 10/100: Refers to the transmission speed that is supported by the module. The “10” refers to a transmission speed of 10 Mbps and the “100” refers to a transmission speed of 100 Mbps. This is a configurable option, supporting either 10 or 100 Mbps.
■■ Base: Refers to the baseband signaling. A signal is a flow of electronic information, usually modulated as a time or position function. Because many lower signals are normally sent to higher signal frequencies for transmission, the lower signals are considered the base, hence baseband signaling.
■■ T: Refers to the twisted-pair cabling that is used for this standard.

1000Base-SX/1000Base-T Ethernet

1000Base-SX and 1000Base-T are Gigabit Ethernet (GbE) standards. 1000Base-T is a GbE standard for implementing Ethernet at a speed of 1 gigabit per second.
While it is not a standard for most small LAN configurations, it is slowly becoming a standard in many medium to large LANs.

42 Chapter 2 05_781274 ch02.qxp 6/22/06 12:12 AM Page 42

The 1000Base-SX and 1000Base-T Ethernet module’s name can be broken down as follows:

■■ 1000: Refers to the transmission of 1,000 Mbps, or 1 gigabit/second (Gbps).
■■ Base: Refers to the baseband signaling.
■■ T: Refers to the twisted-pair cabling that is used for this standard.
■■ SX: Refers to the simplex multimode fiber cabling that is supported.

1000Base-T is one of the GbE standards that is supported on the Nortel VPN Routers. At a minimum, the 100Base-T standard requires Category 5 enhanced twisted-pair cabling.

1000Base-SX is one of the GbE standards that is supported on the Nortel VPN Routers. 1000Base-SX requires multimode fiber-optic cabling. Multimode fiber is used for shorter distances (normally within a building).

CSU/DSU

The Channel Service Unit (CSU)/Data Service Unit (DSU) is a device that is used to connect a router to a digital circuit for the purpose of data transmission over a high-speed network. The CSU/DSU works exactly like a modem does for dial-access lines. The CSU/DSU provides signal timing between the router and the end device, typically a Telco switch. It also is the termination device between the physical connections.

T1/E1

The T1 carrier is a digital communication service in use today in the United States and in Japan. It is part of the T-carrier telecommunications system, which was introduced by Bell Labs in the 1960s.

The T1 carrier system line supports twenty-four 64 Kbps channels for the transmission of digital data. The T1 line incorporates Pulse Code Modulation (PCM), which is a standard for digitizing analog data, and Time Division Multiplexing (TDM), which is a standard for transmitting multiple streams of data into a single signal. The T1 line can transmit data at an overall rate of 1.54 Mbps.
In today’s Internet, most Internet providers connect to the Internet over a T1 line. In the business world, most major corporations use T1 to connect to the Internet providers, ensuring the fast data rate through the entire communications process.

The Nortel VPN Router 43 05_781274 ch02.qxp 6/22/06 12:12 AM Page 43

The E1 carrier is a European digital communication service that is in use by pretty much the rest of the world. It is part of the E-carrier telecommunications system. The E1 signal carries data at a rate of 2.048 Mbps and comprises thirty-two 64 Kbps channels.

ADSL

As mentioned in Chapter 1, the Asymmetrical Digital Subscriber Line (ADSL) is a Digital Subscriber Line (DSL) standard that utilizes the traditional telephone cable and expands the bandwidth usage of that cable. ADSL is asymmetric in that it can transfer data faster in one direction than it can in the other direction. This is very desirable to users who have traditionally connected to the Internet over a standard modem.

ADSL provides rapid download speeds (256 Kbps to 8 Mbps). The upload speeds are typically 64 Kbps to 1,024 Kbps. Another benefit of ADSL over a traditional modem is that you can use the same line for a phone call and for Internet access. Traditional dialup modems cannot run the two simultaneously.

Serial Interfaces (V.35, X.21, RS-232)

A serial interface (or serial port) is one where only 1 bit of information is transmitted at a time, sent 1 bit after the other in a serial stream. In full-duplex operation, the serial line will receive data over one line and will transmit over another. In half-duplex operations, only one line is used.

The V.35 interface is a standard used by most routers in the United States today to connect to T1 carriers for the purpose of synchronous data exchange. An International Telecommunication Unit-Telecommunications sector (ITU-T) standard, the V.35 standard supports data transmission speeds up to 48 Kbps.
The X.21 interface supports the X.21 standard that is governed by the ITU-T. X.21 is a standard for data communication between user devices and a circuit switch network supporting speeds up to 2 Mbps, although data transfer at 64 Kbps is the most commonly used speed.

RS-232 is the most commonly used serial line standard. The RS stands for “Recommended Standard” and it is a standard defining communications between a Data Terminal Equipment (DTE) interface (such as a computer) and a Data Circuit Equipment (DCE) interface (such as a modem). The RS-232 standard does not establish transmission speeds like the X.21 and the V.35 do. The RS-232 standard is maintained by the Electronic Industries Alliance (EIA) and the Telecommunications Industry Association (TIA).

V.90 Dial Access Modem

Sometimes referred to as the V.Last modem standard, the V.90 is a standard approved by the International Telecommunication Union (ITU) for the 56 Kbps modem. The introduction of the V.90 standard merged some proprietary modem standards into a standard that most modem manufacturers now conform to.

Modems that were produced prior to the V.90 standard can, for the most part, be upgraded with software to make them V.90-compliant. The V.90 standard communicates at a download speed of 56 Kbps and an upload speed of 33.6 Kbps. The V.90 standard is referred to as V.Last because, at the time it became a standard, it was thought that it would be the last standard for a traditional modem. Interestingly enough, other standards have been introduced since.

High Speed Serial Interface

The High Speed Serial Interface (HSSI) standard is a serial interface that can support data transmission as fast as 52 Mbps. HSSI is used to connect a DTE device to a DCE device and is normally supported over a T3 line. HSSI is supported over short distances (up to 50 feet) and can interconnect the slower LAN speeds with the high speed afforded on the Internet.
It uses shielded twisted-pair (STP) cabling.

HSSI operates at Layer 1 of the OSI Reference Model. It controls both the physical and the electrical interfaces on the DCE and the DTE equipment, and utilizes a standard called “gapped timing,” which allows a DTE device to control the timing of data from the DCE device by adjusting the clock speed.

Encryption Accelerator Modules

The Encryption Accelerator Module is used to encrypt and compress IPSec data that is forwarded to the VPN Router. The module supports AES-128 cryptography with SHA-1 authentication, as well as 3DES with either SHA-1 or MD5 authentication. The module comes with 64MB of RAM. This allows the module to handle most of the IPSec encryption and, therefore, frees the router’s CPU cycles to process other data.

Console Port (DB-9)

The console port is a standard user interface that allows direct access to the router for management of the router. This is very useful when first configuring the router, as well as allowing access when a Telnet session is not available.

The DB-9 interface is a standard interface that identifies the shape and the number of pins contained in the interface. It consists of two rows of parallel pins, four pins on the top and five on the bottom. The interface itself is shaped like a “D.” Most network devices have this type of a console connection that allows access to the device.

Nortel VPN Router Solutions

The Nortel VPN Router family has a VPN Router model that will serve the needs of anyone who utilizes VPN for data security and remote access. From remote office to remote office communications, to retail store remote access to a corporate LAN, the Nortel VPN Router portfolio can meet the needs of any VPN solution.

There are thousands of network configurations out in the world today. Each of these networks maintains different topology configurations.
Networks utilize different protocols for data communication, and each of them supports different business needs. Because there is such a diverse set of needs, Nortel has provided a solution that can support these needs.

For the employee who works from home and needs reliable, secure access to the corporate network, Nortel offers various solutions. Figure 2-2 shows a couple of Nortel VPN Routers that would support a home-based tunnel.

Figure 2-2: The VPN Router 100, 221, and 251 are all good home office VPN solutions.
[Figure labels: Home Office; Nortel VPN Router 100; Nortel VPN Router 221 and 251; Corporate LAN]

Nortel also has a solution for companies having remote offices that share data. Figure 2-3 shows an example of a remote office-to-remote office tunnel.

For the remote offices that need to connect to the corporate office to share data and utilize corporate resources, Nortel offers several routers that can support this type of configuration. Figure 2-4 shows an example of remote Branch office connectivity.

Figure 2-3: The VPN Router 600 is a great branch office–to–branch office solution.
Figure 2-4: Nortel VPN Router 1010, 1050, and 1100 are all excellent solutions for remote branch offices.
[Figure labels: Remote Office; VPN Router 1050; VPN Router 1010; VPN Router 1100; Remote Branch Office A; Remote Branch Office B; Nortel VPN 600]

Nortel also offers several VPN Routers that can serve as a core edge VPN Router for small (see Figure 2-5), medium (see Figure 2-6), and large (see Figure 2-7) LAN campuses.

VPN Router 100

The VPN Router 100 is designed with smaller branch offices and telecommuters in mind. The VPN Router 100 allows for one WAN connection and up to five active tunnels.

The VPN Router 100 is a very cost effective model. It supports home-based users, as well as small branch offices.
The VPN Router 100 can be implemented into a current network design without causing changes to the current configuration of the devices on the network.

The VPN Router 100 also supports proxy firewall solutions, which allows for all traffic destined for the Internet to be forwarded to a firewall server. This helps control the data that can be accessed on the Internet, as well as control access to the private network.

Figure 2-5: The Nortel VPN Router 1740 and 1750 are made to support smaller corporate LANs.
[Figure labels: LAN Segment; Smaller-sized Corporate LAN; VPN Router 1740; VPN Router 1750]

Figure 2-6: The Nortel VPN Router 2700 is a great solution for medium-sized corporate LANs.
Figure 2-7: The Nortel VPN Router 5000 is designed with large corporate LANs in mind.
[Figure labels: LAN Segment; Large-sized Corporate LAN; Nortel VPN Router 5000; Medium-sized Corporate LAN; VPN Router 2700]

Overview

The VPN Router 100 provides and supports connectivity over the Internet to a LAN. It supports IPSec tunneling, encryption, authentication, and firewall protection.

The VPN Router 100 is great for smaller remote users, especially when cost is a major consideration. It gives the security and encryption necessary to maintain security without requiring any additional external networking equipment.

Remote management access is supported on this router, which is a huge benefit, especially when the corporate LAN supports multiple remote offices. User access through an Internet Branch Office Tunnel is made available without any changes to current remote LAN applications and configurations.

Technical Specifications

The VPN Router 100 contains 16MB of RAM and has 8MB on-board flash memory. It comes with standard User and Network Interfaces.
There is one 10/100 Ethernet LAN port, along with a seven-port 10/100 Ethernet switch for users. Finally, as a standard interface, there is a serial port for out-of-band management.

There are several optional interfaces for the VPN Router 100 as well. The router will support an additional 10/100 Ethernet interface, an ISDN interface, and a single or a dual analog modem. Figure 2-8 shows the VPN Router 100.

Figure 2-8: The Nortel VPN Router 100

VPN Router 200 Series

The VPN Router 200 series is designed with smaller branch offices and telecommuters in mind. It is available in two models: the VPN Router 221 and the VPN Router 251.

The VPN Router 200 series provides advanced IPSec capabilities and supports up to five VPN tunnels. The VPN Router 200 series supports stateful firewall and URL/content filtering. The VPN Router 200 series also contains an integrated ADSL option.

VPN Router 221

The Nortel VPN Router 221 is designed for home-based employees and branch offices. It is a cost-effective solution that supports stateful firewall inspection, as well as Denial of Service (DoS) protection. In addition to stateful firewall and VPN services, the VPN Router 221 supports IP routing and content filtering. It is an all-in-one solution. Encryption standards that are supported on the VPN 221 are Data Encryption Standard (DES), Triple Data Encryption Standard (3DES), and Advanced Encryption Standard (AES).

Overview

The VPN Router 221 provides and supports connectivity over the Internet to a LAN. It supports IPSec tunneling, encryption, authentication, and firewall protection.

The VPN Router 221 is great for smaller remote use, especially when cost is a major consideration. It gives the security and encryption necessary to maintain security without requiring any additional external networking equipment.
Remote-management access is supported on this router, which is a huge benefit, especially when the corporate LAN supports multiple remote offices. User access through an Internet Branch Office Tunnel is made available without any changes to current remote LAN applications and configurations.

Technical Specifications

The VPN Router 221 comes with standard user and network interfaces. There is one 10/100 Ethernet LAN port, along with a four-port 10/100 Ethernet switch for users. As a standard interface, there is a console port for out-of-band management. Figure 2-9 shows the VPN Router 221.

[...]

... Flash 128MB RAM, 64MB Flash 128 256MB RAM 128 256MB RAM 128 256MB RAM 256–512MB RAM 512MB–1.5GB RAM PLATFORM VPN Router 1005 VPN Router 221 VPN Router 251 VPN Router 600 VPN Router 1010 VPN Router 1050 VPN Router 1100 VPN Router 1700 VPN Router 1740 VPN Router 1750 VPN Router 2700 VPN Router 5000 5 3 4 3–4 1 2 None None 1 None None None PCI EXPANSION SLOTS Dual 2.2 GHz Intel 1.33 GHz Pentium III 850 MHz...

Figure 2-9: The Nortel VPN Router 221

VPN Router 251

The Nortel VPN Router 251 is designed for home-based employees and branch offices. It is a cost-effective solution that supports stateful firewall inspection, as well as DOS protection. In addition to stateful firewall and VPN services, the VPN Router 251 supports IP routing and content filtering. It is an...

... modem, and 100Base-T or 100Base-SX Ethernet.

Standard software options are the Secure Router Bundle, which allows for up to 5 VPN tunnels and RIPv2 IP Routing support. Also standard is the Nortel VPN Client software with unlimited license. The other software standard option is the VPN Bundle, which supports up to 500 VPN tunnels and RIPv2 support, as well as the VPN Client software package.

...
license key to access and utilize

Accounting Services

The router software provides detailed accounting features that enable network administrators to monitor and obtain historical records vital to the safety and security of the VPN Router. It allows administrators to set up automatic logging to external devices, support for internal and external Radius logging, and system event logging services.

Bandwidth...

... support for 2,000 VPN Tunnels with RIPv2 support). Standard with each package is the Nortel VPN Client software with unlimited license.

Optionally, there are license upgrades available to support the following:

■■ Advanced routing
■■ OSPF
■■ VRRP
■■ Bandwidth management
■■ DLSW
■■ VPN tunnel upgrade (up to 2000 tunnels)
■■ Stateful firewall

Figure 2-17 shows the VPN Router 2700.

Figure 2-17: The Nortel...

... upgrades available to support the following:

■■ Advanced routing
■■ OSPF
■■ VRRP
■■ Bandwidth management
■■ Data Link Switching (DLSW)
■■ VPN tunnel upgrade (up to 30 tunnels)
■■ Stateful firewall

Figure 2-12 shows the VPN Router 1010.

Figure 2-12: The Nortel VPN Router 1010

VPN Router 1050

The VPN Router is a compact solution ideal for remote offices. It can support up to five concurrent...

... PLATFORM

Table 2-3: Comparison Chart of Supported, Optional Equipment (Part 2)

PLATFORM          ADSL?   SSL?   ACCELERATOR?   V.90 MODEM?   ISDN BRI?
VPN Router 100    No      No     No             Yes           Yes
VPN Router 221    No      No     No             No            No
VPN Router 251    Yes     No     No             No            No
VPN Router 600    Yes     No     No             Yes           Yes
VPN Router 1010   No      No     No             No            No
VPN ...
Router 1750

VPN Router 2700

The VPN Router 2700 is a VPN solution ideal for medium- to large-sized LAN campuses. The VPN Router 2700 can support up to 2,000 concurrent tunnels. Optional software licensing can ensure that the VPN Router 2700 can support your network as an IP router, a dedicated VPN switch, a firewall solution, or any combination of these.

Figure 2-16: The Nortel VPN Router...

... Ethernet.

Standard software options allow for up to five VPN tunnels and RIPv2 IP routing support. Also standard is the Nortel VPN Client software with unlimited license.

Optionally, there are license upgrades available to support the following:

■■ Advanced routing
■■ OSPF
■■ VRRP
■■ Bandwidth management
■■ DLSW
■■ VPN tunnel upgrade (up to 500 tunnels)
■■ Stateful firewall

Figure 2-16 shows the VPN Router...

... ADSL, and 56/64K CSU/DSU.

Standard software options allow for up to five VPN tunnels and RIPv2 IP routing support. Also standard is the Nortel VPN Client software with unlimited license.

Optionally, license upgrades are available to support the following:

■■ Advanced routing
■■ OSPF
■■ VRRP
■■ Bandwidth management
■■ DLSW
■■ VPN tunnel upgrade (up to 30 tunnels)
■■ Stateful firewall

Figure 2-14

Date posted: 14/08/2014, 14:21
