Teldat bintec R3002
Contents
1. leldat JI bintec elmeg VPN GATEWAY pa N ae bintec R3002 4 ej oo The VPN gateway with ADSL 2 modem bintec R3002 e ADSL 2 modem ADSL over POTS ISDN VPN Gateways certified by 5 x Gigabit Ethernet s7s passcode e 19 housing with integrated power supply Web based configuration wizards e IPSec 10 tunnels opt up to 110 HW acceleratic e IPv6 e Stateful Inspection Firewall ETH2 ETH3 eldat bintec R3002 The VPN gateway with ADSL 2 modem The flexible R3002 VPN gateway with its ADSL 2 modem supporting both Annex A and B is suitable for use around the globe in both SMEs and medium sized corporate headquarters The bintec R3002 is a powerful and thanks to its comprehensive equipment flexible VPN gateway The integrated ADSL 2 modem on the R3002 supports Annex B ADSL over ISDN which is predominantly used in Germany as well as the international Annex A ADSL over POTS and its extension Annex M making it suitable for use in many countries With its 19 inch metal housing and highly efficient internal switched mode power supply the gateway guarantees long term reliability in critical corporate applications This makes the R3002 ideal for use as a VPN gateway in SMEs and company head offices The device has five Gigabit Ethernet ports which can be configured for LAN WAN or DMZ and comes with a licence for ten hardware accelerated IPSec tunnels Up to 100 additional IPSec tunnels c2. switch german and intern version Features Teldat GmbH Suedwestpark 94 90449 Nuremberg Germany bintec R3002 Phone 49 911 9673 0 Telefax 49 911 688 07 25 29 10 2013 E Mail info teldat de www teldat org Subject to technical alterations Page 3 11 DSL ADSL ADSL 2 ADSL 2 ADSL ADSL 2 ADSL 2 ADSL 2 ADSL 2 ADSL ATM ATM ATM ATM ISDN CAPI ISDN protocols ISDN auto configuration ISDN leased lines B channel protocols X 31 over CAPI Bit rate adaption VPN PPTP PAC PNS PPP PPTP hardware acceleration GRE v 0 L2TP Number of VPN tunnels IPSec Number of VPN tunnels IPSec Algorithms Teldat GmbH Suedwestpark 94 90449 Nuremberg Germany Phone 49 911 9673 0 Telefax 49 911 688 07 25 E Mail info teldat de www teldat org VTeldat FI bintec elmeg ADSL over ISDN ITU G 992 1 Annex B ISDN compatible to U R2 connection of Deutsche Telekom G Lite ITU G 922 2 ADSL over ISDN ITU G 992 3 ITU G 992 5 Annex B ADSL over POTS ITU G 992 1 Annex A G Lite ITU G 922 2 ADSL over POTS ITU G 992 3 ITU G 992 5 Annex A ADSL2 over POTS Annex L ADSL2 over POTS Annex M Support of Dying Gasp Support of layer 1 protocol AAL5 PVCs RFC 1483 Support of up to 7 virtual channels VC Support of OAM F4 F5 line monitoring Support of ATM traffic management COS CBR VBR UBR CAPI 2 0 with CAPI user concept password for CAPI use Euro ISDN Point to muli
3. 2 files via TFTP HTTP HTTP LDAP file upload and manual via FCI Certificates management via SCEP Simple Certificate Enrollment Protocol Support of remote CRLs on a server via LDAP or local CRLs Continuous control of IPSec connection Transmission of dynamic IP address in ISDN D or B channel free of charge licence necessary Enables the registering of dynamic IP addresses by a dynamic DNS provider for establishing a IPSec connection Authentication of IPSec connections at a RADIUS server Additionally the IPSec peers which were configured on a RADIUS server can be loaded into the gateway RADIUS dialout Enables the Dial in of several IPSec clients via a single IPSec peer configuration entry The possibility to operate Quality of Service traffic shaping inside of an IPSec tunnel By activating of NAT on an IPSec connection it is possible to implement several remote locations with identical local IP addess networks in different IP nets for the VPN connection 86 Mbps with 1400 Byte packets with AES 256 AES 128 3 DES encryption 19 Mbps with 1400 Byte packets with AES 256 AES 128 3 DES encryption Symmetric Network and Port Address Translation NAT PAT with randomly generated ports inclusive Multi NAT 1 1 translation of whole networks Network and Port Address Translation via different criteria like IP protocols source destination IP Address source destination port For incoming and outgoing connections and for each inte
4. TS 1 x BRI TE 2 B channels Mountable in 19 inch rack incl 19 inch rack mount kit System time persists even at power failure for some hours Temperature range Operational 0 C to 40 C storage 10 C to 70 C Max rel humidity 10 95 non condensing Integrated wide range power supply 110 240V with energy efficient swiching controller Max 15 Watt typ 13 Watt 19 inch 1 high unit metal case screw on 19 inch mounting angle LEDs and network connectors at front side Ca 485 6 mm x 220 mm x 45 mm W x H x D Ca 2600g Fanless design therefor high MTBF Restart or reset to factory state possible R amp TTE directive 1999 5 EG EN 55022 EN 55024 EN 55024 A1 EN61000 3 2 EN 61000 3 3 EN 61000 4 4 EN 60950 1 EN 300 328 Teldat GmbH Suedwestpark 94 90449 Nuremberg Germany bintec R3002 Phone 49 911 9673 0 Telefax 49 911 688 07 25 29 10 2013 E Mail info teldat de www teldat org Subject to technical alterations Page 9 11 Content of Delivery Manual DVD Ethernet cable Network cable Serial cable ADSL cable ADSL cable ISDN BRI SO cable Service Warranty Software Update Options MPPC and Stac compression IP address ISDN B D channel license Accessoires WLAN Controller License WLAN Contr 6AP 5500000943 Software Licenses Rxx02 RTxx02 RXL12xxx IPSEC25 5500000781 Rxx02 RTxx02 X25 5500000783 Cobion Content Filter Small 80551 VTeldat JJ bintec elm
5. an also be enabled if licensed The built in ISDN BRI interface can be used as a remote configuration access and as an ISDN backup interface Using functions flexibly Only a few functions are required to forward data between two networks Bintec gateways have features that go far beyond just routing and allow it to be seamlessly integrated into complex IT infrastructures As routing protocols you can use RIP OSPF or the Multicast routing protocol PIM SM for example and the comprehensive multicast support makes the device ideal for use in multimedia and streaming applications Even the basic equipment of the bintec R3002 provides a SIP application level gateway ALG for the direct connection of IP telephones in the network or for registering with a VolP provider The ALG automatically controls the internal firewall making it easier to configure your VolP solution Thanks to the integrated quality of service you can prioritise VolP traffic over normal internet traffic for example and thereby always ensure sufficient bandwidth for your IP voice connections Alternatively you can give normal data traffic priority over e mail traffic The DNS proxy function supports the LAN for address implementation and the automated IP configuration of PCs is carried out over an integrated DHCP server Remote CAPI is available for the joint use of various ISDN services Comprehensive IPSec implementation The IPSec implementation integrated in bintec R3002 work
6. and RIPv2 separated configurable for each interface Triggerd RIP updates according RFC 2091 and 2453 Poisened Rerverse for a better distribution of the routes furthermore the possibility to define RIP filters for each interface Support of the dynamic routing protocol OSPF On request 199 Mbps with 1518 Byte packets 198 Mbps with 256 Byte packets Protocols Encapsulations PPP MLPPP PPPoE Server Client MLPPPoE Server Client PPPoA IPoA DNS DYN DNS DNS Forwarding DHCP Packet size controling X 25 Enhanced Teldat GmbH Suedwestpark 94 90449 Nuremberg Germany Phone 49 911 9673 0 Telefax 49 911 688 07 25 E Mail info teldat de www teldat org Support of Point to Point Protocol PPP for establishing of standard PPP connections inclusive the Multilink extension MLPPP for the bundeling of several connections Point to Point Protocol over Ethernet Client and Server for establisching of PPP connections via Ethernet DSL RFC 2516 Multilink extension MLPPPoE for bundeling several PPPoE connections only if both sides support MLPPPoE Point to Point Protocol over ATM for establishing of PPP connections via ATM DSL Enables the easy routing of IP via ATM DNS client DNS server DNS relay and DNS proxy Enables the registering of dynamic assigned IP addresses at adynamic DNS provider e g for establishing of VPN connections Enables the forwarding of DNS requests of free configurable domains to assig
7. eg Quick Installation Guide in German and English DVD with system software management software and documentation 1 Ethernet cable 3m Power cable Serial cable mini USB DSUB 9 female ADSL cable RJ45 RJ11 2m ADSL cable RJ45 RJ45 2m ISDN BRI SO cable 3m 2 year manufacturer warranty inclusive advanced replacement Free of charge software updates for system software BOSS and management software DIME Manager Free of charge license for Stac and MPPC compression registration under www teldat de required Free of charge license for IP address transmission in ISDN D or B channel for IPSec connections registering under www teldat de required WLAN Controller license for 6 Access Points APs or for the extension with 6 APs for the products Rxxx2 and RXL12x00 Additional 25 IPSec tunnel license for Rxx02 RTxx02 and RXL12xxx series License for X 25 XOT X25toTCP for Rxx02 and RTxx02 series Cobion content filter for RSxxx Rxx02 RTxx02 series R230a w R232b w TR200 R1200 w wu R3000 w R3400 R3800 R232aw list price for one year Pick up Service Warranty Extension Teldat GmbH Suedwestpark 94 90449 Nuremberg Germany Phone 49 911 9673 0 Telefax 49 911 688 07 25 E Mail info teldat de www teldat org bintec R3002 29 10 2013 Subject to technical alterations Page 10 11 VTeldat JII bintec elmeg Pick up Service Warranty Extension Service Package medium 5500000812 Warranty
8. extension of 3 years to a total of 5 years including advanced replacement for Teldat products of the category medium Please find a detailed description as well as an overview of the categories on www teldat de servicepackages Product Services HotSpotHosting lyr 1 location 5510000198 HotSpot solution hosting fee for 1 year and 1 location HotSpotHosting 2yr 1 location 5500000861 HotSpot solution hosting fee for 2 year and 1 location Additional HotSpot location 5510000199 Additional location for the HotSpot solution 551000198 5500000861 valid for one year Cables Console Cable MiniUSB to DSUB9 Serial console cable for RS RT Rxx02 Series and hybird Mini USB to D SUB 9 5500000717 Teldat GmbH Suedwestpark 94 90449 Nuremberg Germany bintec R3002 Phone 49 911 9673 0 Telefax 49 911 688 07 25 29 10 2013 E Mail info teldat de www teldat org Subject to technical alterations Page 11 11
9. gin authentication On a RADIUS server configured PPP und IPSec connection can be loaded into the gateway RADIUS dialout Support of TACACS server for login authentication and for shell comando authorization The device system time can be obtained via ISDN and from a SNTP server up to 3 time server configurable The obtained time can also be transmitted per SNTP to SNTP clients Time zone profiles are configurable That enables an automatic change from summer to winter time DIME Manager XAdmin Configuring of time and event controlled tasks e g reboot device activate deactivate interface activate deactivate WLAN trigger SW update and configuration backup Integrated web server for web based configuration via HTTP or HTTPS supporting self created certificates This user interface is by most of Teldat GmbH products identical Software updates are free of charge update via local files HTTP TFTP or via direct access to the Teldat web server Remote maintenance via telnet SSL SSH HTTP HTTPS and SNMP V1 V2 V3 Serial configuariton interface is available Remote maintenance via ISDN dial in with checking of the calling number The ISDN remote maintenance connection between two Teldat devices can be encrypted A transparent mode enables transmissions of configurations and software updates respectively Remote maintenance via GSM login external modem and cable required Device discovery via SNMP multicast No reboot after
10. groups Support of up to 32 VLAN Virtual LAN for segmentation of the network in independent virtual segments workgroups Enables the router to answer ARP requests for hosts which are accessible via the router That enables the remote clients to use an IP address from the local net Logging Monitoring Reporting Internal system logging External system logging E Mail alert SNMP traps Activity Monitor IPSec monitoring Interfaces monitoring ISDN monitoring Syslog storage in RAM display via web based configuration user interface http https filter for subsystem level message Syslog several syslog server with different syslog level configurable Automatic E Mail alert by definable events SNMP traps v1 v2 v3 configurable Sending of information to a PC on which Brickware is installed Display of IPSec tunnel and IPSec statistic output via web based configuration user interface http https Statistic information of all pysical and logical interfaces ETHO ETH1 SSIDx output via web based configuration user interface http https Display of active and past ISDN connections output via web based configuration user interface http https Teldat GmbH Suedwestpark 94 90449 Nuremberg Germany bintec R3002 Phone 49 911 9673 0 Telefax 49 911 688 07 25 29 10 2013 E Mail info teldat de www teldat org Subject to technical alterations Page 7 11 VTeldat JII bintec elmeg Logging Monitor
11. iguration and monitoring of small and medium sized WLANs with up to 72 access points Whether it is for frequency management which automatically determines the radio channels for the support of virtual LANs or for the management of virtual radio networks Multi SSID the WLAN Controller offers easy control over all advanced features Our software continuously monitors the entire wireless LAN and immediately reports outages and security risks DIME Manager from Teldat is a free tool for managing Teldat devices Dime Manager is aimed at administrators who manage networks with up to 50 devices The software simplifies the management and configuration of gateways or access points either individually or in logical groups When developing DIME Manager simple and efficient operation was the primary aim It allows for example software updates to be applied to individual devices or groups of devices simply by drag and drop DIME Manager recognises and manages new devices in the network using SNMP multicasts in other words independent of their current IP address Variants bintec R3002 UK 5510000263 VPN Gateway 19 inch rack incl ADSL modem Annex A B 1x ISDN BRI incl 10 IPSec tunnels opt max 110 certificates HW encryption 4 1 Gigabit Eth switch UK version bintec R3002 5510000211 VPN Gateway 19 inch rack incl ADSL modem Annex A B 1x ISDN BRI incl 10 IPSec tunnels opt max 110 certificates HW encryption 4 1 Gigabit Eth
12. ing Reporting IP accounting ISDN accounting RADIUS accounting Keep Alive Monitoring Tracing Tracing Detailed IP accounting source destination port interface and packet bytes counter transmission also via syslog protocol to syslog server Detailed ongoing recording of ISDN connection parameter like calling number and charging information transmission also via syslog protocol to syslog server RADIUS accounting for PPP PPTP PPPoE and ISDN dialup connections Control of hosts connections via ICMP polling Detailed traces can be done for different protocols e g ISDN PPPoE generation local on the device and remote via DIME Manager Traces can be stored in PCAP format so that import to different open source trace tools e g wireshark is possible Administration Management RADIUS RADIUS dialout TACACS Time synchronization Automatic Time Settings Supported management systems Configurable scheduler Configuration Interface FCI Software update Remote maintenance Configuration via serial interface ISDN remote maintenance ISDN remote maintenance GSM remote maintenance Device discovery function On The Fly configuration Teldat GmbH Suedwestpark 94 90449 Nuremberg Germany Phone 49 911 9673 0 Telefax 49 911 688 07 25 E Mail info teldat de www teldat org Central check of access authorization at one or several RADIUS server RADIUS PPP IPSec inclusive X Auth and lo
13. ned DNS server DHCP Client Server Proxy and Relay for siplified TCP IP configuration Adaption of PMTU or automatic packet size controling via fragmentation Optional X 25 over ISDN XOT X 25 to TCP Gateway X 25 PAD TPO Bridge bintec R3002 29 10 2013 Subject to technical alterations Page 6 11 VTeldat JII bintec elmeg Quality of Service QoS Policy based Traffic Shapping Bandwidth reservation DiffServ Layer2 3 tagging TCP Download Rate Control Dynamic bandwidth management via IP traffic shaping Dynamic reservation of bandwidth allocation of guaranteed and maximum bandwidths Priority Queuing of packets on the basis of the DiffServ TOS field Conversion of 802 1p layer 2 priorisation information to layer 3 diffserv attributes For reservation of bandwidth for VoIP connections Redundancy Loadbalancing BRRP BoD Load Balancing VPN backup Layer 2 Functionality Bridging VLAN Proxy ARP Bintec Router Redundancy Protocol for backup of several passive or active devices with free selectable priority Bandwidth on Demand dynamic bandwidth to suit data traffic load Static and dynamic load balancing to several WAN connections on IP layer Simple VPN backup via different media Additional enables the Teldat interface based VPN concept the application of routing protocols for VPN connections Support of layer 2 bridging with the possibility of separation of network segment via the configuration of bridge
14. reconfiguration required bintec R3002 29 10 2013 Subject to technical alterations Page 8 11 Teldat JII bintec elmeg Administration Management SNMP SNMP configuration Configuration export and import SSH login HP OpenView XAdmin Interfaces Ethernet Serial console ADSL ADSL 2 ADSL ADSL 2 ISDN Basic Rate BRI Hardware 19 inch Realtime clock Environment Power supply Power consumption Housing Dimension Weight Fan Reset button Standards and certifications Content of Delivery SNMP v1 v2 v3 USM model VACM views SNMP traps v1 v2 v3 configurable SNMP IP access list configurable Complete management with MIB II MIB 802 11 Enterprise MIB Load and save configurations optional encrypted optional automatic control via scheduler Supports SSH V1 5 and SSH V2 0 for secure connections of terminal applications Integration into Network Node Manager Support of XAdmin roll out and configuration managemant tool for larger router installations IP ISDN GSM 5 x 10 100 1000 Mbps Ethernet Twisted Pair autosensing Auto MDI MDI X up to 4 ports can be switches as additional WAN ports incl load balancing all Ethernet ports can be configured as LAN or WAN Serial console interface COM port mini USB optional connection of an analogue GPRS modem is possible supported modems see www teldat de ADSL over ISDN compatible to U R2 connection of Deutsche Telekom ADSL over PO
15. rface variable configurable Optional ISS Cobion Content filter 30 day test license inclusive Packet filtering depending on the direction with controling and interpretation of each single connection status bintec R3002 29 10 2013 Subject to technical alterations Page 5 11 Security Packet Filter Routing Policy based Routing Multicast IGMP Multicast IGMP Proxy Multicast Routing Protocol PIM SM Multicast inside IPSec tunnel RIP Extended RIP OSPF BGP4 Routing throughput 1518 Routing throughput 256 VTeldat JII bintec elmeg Filtering of IP packets according to different criteria like IP protocols source destination IP address source destination port TOS DSCP layer 2 priority for each interface variable configurable Extended routing Policy Based Routing depending of diffent criteria like IP protocols Layer4 source destination IP address source destination port TOS DSCP source destination interface and destination interface status Support of Internet Group Management Protocol IGMP v1 v2 v3 for the simultaneous distribution of IP packets to several stations For easy forwarding of multicast packets via dedicated interfaces Protocol Independent Multicast PIM distributes information via a central Rendezvous Point Server PIM Modus Sparse Mode SM forwards only packets to groups which have been requested Enables the transmission of multicast packets via an IPSec tunnel Support of RIPv1
16. rtificates PKI IPSec SCEP IPSec Certificate Revocation Lists CRL IPSec Dead Peer Detection DPD IPSec dynamic IP via ISDN IPSec dynamic DNS IPSec RADIUS IPSec Multi User IPSec QoS IPSec NAT IPSec throughput 1400 IPSec throughput 256 Security NAT PAT Policy based NAT PAT Policy based NAT PAT Content Filtering Stateful Inspection Firewall Teldat GmbH Suedwestpark 94 90449 Nuremberg Germany Phone 49 911 9673 0 Telefax 49 911 688 07 25 E Mail info teldat de www teldat org Teldat JII bintec elmeg Integrated hardware acceleration for IPSec encryption algorithms DES 3DES AES inclusive hardware acceleration for MD 5 SHA 1 Hash generation IPSec key exchange via preshared keys or certificates IKE Config Mode server enables dynamic assignment of IP addresses from the address pool of the company IKE Config Mode client enables the router to get assigned dynamically an IP address Internet Key Exchange protocol Extended Authenticaion client for login to XAUTH server and XAUTH server for loging of XAUTH clients Inclusive the forwarding to a RADIUS OTP One Time Password server supported OTP solutions see www teldat de Support of NAT Traversal Nat T for the application at VPN lines with NAT IPSec IPComp data compression for higher data throughput via LZS Support of X 509 multi level certificates compatible to Micrososft and Open SSL CA server upload of PKCS 7 8 10 1
17. s as additional WAN interfaces with external DSL modems or cable modems As a result there is not only more bandwidth available but there is the opportunity to spread data traffic across individual WAN connections according to load or data type Equally you can use an additional WAN connection e g SDSL for the VPN connection of branch offices and use the integrated ADSL 2 modem to guarantee the company s other data traffic Our bintec router redundancy protocol BRRP allows two devices to be operated so that they act as a single device in the LAN Both devices have their own IP and MAC addresses for each interface as well as a joint virtual IP and MAC address This is registered as the standard gateway for all computers in the LAN Both of the switched gateways communicate over the bintec protocol and if either device fails the other device automatically takes over the entire data traffic Simple configuration and maintenance The gateway is configured over the Configuration Interface FCI using the integrated configuration wizards for example The FCI is a web based graphic user surface that you can use from any PC with an up to date Web browser via an HTTP or encrypted HTTPS connection It also offers the opportunity to manage the devices locally and remotely over other configuration accesses such as Telnet SSH and ISDN login In addition the R3002 offers the option of the Teldat WLAN Controller The Teldat WLAN Controller allows the conf
18. s not only with preshared keys but also with certificates This allows a public key infrastructure to be created for maximum security The German Federal Office for Information Security also recommends the use of certificates Furthermore the bintec IPSec implementation offers support when creating VPN connections with dynamic IP addresses Even small branch offices can be reached without having to be permanently online If both VPN nodes only have dynamic IP addresses confidential information can continue The exchange of IP addresses is carried out either over dynamic DNS providers or directly over an ISDN connection The actual dynamic IP address is transferred either free of charge in the ISDN D channel or if this is not possible in the B channel at cost By using IKE Config mode and the bintec IPSec multi user this offers the opportunity to create and manage PSec dial in solutions for multiple clients with minimal expense and IKE X Auth extended authentication allows a connection to be secured with a one time password and thus with the highest level of security Load Balancing Redundancy Teldat GmbH Suedwestpark 94 90449 Nuremberg Germany bintec R3002 Phone 49 911 9673 0 Telefax 49 911 688 07 25 29 10 2013 E Mail info teldat de www teldat org Subject to technical alterations Page 2 11 Jeldat In addition to the integrated ADSL modem bintec R3002 offers the option to use two or even three Ethernet interface
19. tpoint Point to point Automatic recognition and configuration of ISDN protocols Supported leased lines D64S D64S2 TS02 D64S2Y Excellent interoperability with other manufacturers Raw HDLC CISCO HDLC X 75 Support for various connection paths X 31 A for ISDN D channel X 31 A B for ISDN B channel X 25 within ISDN B channel also leased lines V 110 1 200 up to 38 400 bps V 120 up to 57 600 kbps HSCSD for connection to GSM subscribers Point to Point Tunneling Protocol for establishing fo Virtual Privat Networks inclusive strong encryption methods with 128 Bit MPPE up to 168 Bit DES 3DES Blowfish Integrated hardware acceleration for PPP PTPP encryption algorithms DES 3DES MPPE Generic Routing Encapsulation V 0 according RFC 2784 for common encapsulation Layer 2 tunnelling protocol inclusive PPP user authentication Inclusive 110 active PPTP L2TP and GRE v 0 tunnels also in combination possible Internet Protocol Security establishing of VPN connections Inclusive 10 active VPN tunnels optional up to 110 IPSec tunnels DES 64 Bit 3DES 192 Bit AES 128 192 256 Bit CAST 128 Bit Blowfish 128 448 Bit Twofish 256 Bit MD 5 SHA 1 RipeMD160 Tiger192 Hashes bintec R3002 29 10 2013 Subject to technical alterations Page 4 11 VPN IPSec hardware acceleration IPSec IKE IPSec IKE Config Mode IPSec IKE XAUTH Client Server IPSec IKE XAUTH Client Server IPSec NAT T IPSec IPComp IPSec ce
Download Pdf Manuals
Related Search