avaya.com

Avaya VPN Routers

Avaya VPN Routers (formerly known as Contivity*) are a family of products delivering security and IP services in a single integrated platform. Targeted at the wide-area network (WAN) edge — the intersection of an enterprise’s private and public IP networks — the Avaya VPN Router family is optimized to exploit the cost advantages of the Internet while providing secure communications across the public IP infrastructure.

A single Avaya VPN Router device Network evolution, THE NEED FOR SECURE provides IP routing, IPSec-based not revolution IP SERVICES Virtual Private Networking (VPN), stateful firewall, encryption, Since it is standards-based, the Avaya The rise of the Internet and IP-based applications authentication and bandwidth VPN Router interoperates with existing provides enterprises with a unique opportunity to management services in a highly- routing, authentication, directory, integrated platform. and security services. This means realize cost savings in their external and internal the Avaya VPN Router can bridge the communications. But the Internet was not originally transition during the introduction of designed with security in mind. Enterprises with mission- Security built into new IP services into the network. Avaya critical Internet applications must secure the data they the design VPN Router devices can be initially transmit, as well as protect their internal networks from installed behind an existing IP access Virtual Private Networking and device (router, DSL modem, etc.) outside intrusion. Avaya VPN Routers are architected to security are hallmarks of the Avaya without disruption to the network. Or, deliver the security required by enterprise IP networks VPN Router product line. Avaya VPN an enterprise deploying the Avaya VPN with the ability to scale to address a complete range of Router devices are designed with Router as a VPN gateway can later security in mind — both in the secure high-performance IP services. add firewall services and/or transition transmission of data, as well as in the the Avaya VPN Router to the primary inherent security of the device and its Internet access device for that site. management interface. For example, by default, the Avaya VPN Router denies all access on the public (or “secure Features routing”) interface, except via a secure management tunnel. Extensive Best-in-class Virtual Private Denial of Service (DoS) protection is Networking (VPN) also provided on this interface. This As a market leader in IP Virtual limits exposure to attacks from the Private Networking (IP-VPN), public Internet even before the Avaya the Avaya VPN Router has been VPN Router has been configured for delivering on the promise of end- IP services operation. Also, there are to-end secure IP-VPNs for years. no “back doors” on the Avaya VPN IP-VPN capabilities are standard in Router to circumvent device login. every Avaya VPN Router unit, with This security is built in, regardless all base configurations shipping with of whether the Avaya VPN Router is a minimum of five VPN tunnels. All installed as a basic IP access router or the Avaya VPN Routers include the as a dedicated VPN switch or firewall. following VPN capabilities:

PRODUCT BRIEF 1 avaya.com

• Standards-based tunneling — Support for IPSec, L2TP and PPTP standard MOBILIZING YOUR IPSEC VPN WITH tunneling protocols provides THE AVAYA VPN ROUTER interoperability with a wide range of multi-vendor VPN software and hardware. With over 60 million IPSec VPN clients deployed globally, Avaya customers now have the option of extending their remote access IPSec VPNs with Avaya’s innovative IPSec • Encryption — Support for DES, 3DES and Advanced Encryption Standard (AES) Mobility capability. IPSec Mobility allows a laptop, PDA or tablet PC user to move from standard provides ultimate end-to-end one physical location to another while maintaining a persistent Avaya VPN Router IPSec security for transmitted data. VPN connection. Users do not need to re-login or restart applications as they roam from place to place. For example, a user can move from an Ethernet to a wireless LAN or even • Authentication — Support for RADIUS, to a public wide-area Wi-Fi environment without “breaking” their VPN tunnel connection LDAP, SecureID, X.509 digital and having to restart applications. IPSec Mobility enables Avaya VPN Router customers certificates, as well as token and smart cards offering the broadest range of to “mobilize” applications so that users can roam from location to location — all while authentication options in the industry. maintaining a secure connection. Enterprises can leverage their existing enterprise directory-based services, whether Novell NDS or Microsoft Active filtering policies to data sent across either Information Protocol (RIPv1 and v2), Border Directory, or design their own secure tunneled or non-tunneled interfaces. Gateway Protocol (BGP-4) and Virtual Route authentication mechanism. Redundancy Protocol (VRRP), the Avaya VPN Router can dynamically route traffic • Comprehensive VPN client support — Avaya Endpoint security through VPN around failed connections or devices, as well VPN Client (formerly known as Contivity Tunnel Guard as load balance traffic across parallel paths VPN Client) software for MS-Windows Avaya’s VPN Tunnel Guard helps to prevent — whether for tunneled or non-tunneled 2000, XP and Vista systems is provided end-user PCs from becoming a vehicle for traffic. Secure Routing Technology (SRT) with unlimited right to copy along with viruses or other unwanted intrusions through on the Avaya VPN Router avoids complex each Avaya VPN Router unit. Avaya VPN the VPN tunnel. Available as a standard VPN encapsulation protocols and associated Client licenses are also available for Router feature, Tunnel Guard enables the overhead when forwarding IP traffic through Macintosh and Linux operating systems. administrator to define endpoint security secure IP VPN tunnels. The Avaya VPN Secure access from other wireless and policies for end-user PCs connecting to Router additionally offers industry-standard handheld devices is supported via third- the VPN Router. It then ensures all remote Data Link Switching (DLSw) services to party IPSec clients. users/devices are inspected for compliance transport and encrypt SNA traffic over public to the security policy before allowing access or private IP networks. Stateful firewall through the VPN tunnel. VPN Tunnel Guard can enforce endpoint security for PCs The Avaya VPN Router stateful firewall Bandwidth management/Quality connecting directly to a VPN Router via combines an easy-to-use interface with rich of Service filtering rule sets to provide multiple lines of either IPSec or SSL. It can also enforce defense for an enterprise’s private network. endpoint security for PCs connecting Powerful Quality of Service (QoS) features With extensive logging, a wide range of through a VPN branch tunnel between two allow the Avaya VPN Router to deliver on application layer gateways (ALGs) and built- VPN Routers. the promise of highly-optimized IP networks. in protection against hacker attacks, the With advanced services — Differentiated Avaya VPN Router stateful firewall delivers Secure routing services Services (DiffServ), RSVP and sophisticated queue management — the Avaya VPN wire-speed throughput while protecting Standards-based IP routing services enable Router can ensure that service levels are the enterprise network and its data from the Avaya VPN Router to be integrated into met for any mission-critical data. The Avaya unauthorized access. The Avaya VPN Router an existing router network, or be deployed VPN Router can prioritize traffic not only stateful firewall can further be combined on its own to build a highly redundant and by IP traffic type, but also prioritize by with VPN termination and network address flexible secure network. With support for users, groups and VPN tunnels, allowing translation (NAT) services to flexibly apply Open Shortest Path First (OSPF), Routing

2 avaya.com

fine granularity in QoS control. By reserving via its standard Ethernet interface. Dial • Easy Install Utility — Provides automated minimum guaranteed bandwidth, the Avaya back-up services allow traffic to be sent over set-up of a remote VPN Router via a VPN Router ensures that an individual user’s an alternate connection in case the primary Web browser, eliminating the need for an bandwidth is preserved in a multi-user WAN or LAN link fails. on-site installer. environment. Comprehensive management • Fault management — SNMP, alarm monitor and historical fault browser quickly detect LAN/WAN flexibility services problems. With integrated support for 10/100/1000 A rich set of integrated management tools Mbps Ethernet, frame relay, PPP, T1 and makes it easy for enterprises or service • Accounting — A rich set of security and E1 CSU/DSU, V.35, X.21, ADSL, ISDN providers to configure and monitor Avaya system logging tools lets administrators and V.90 modem interfaces, the Avaya VPN Router devices. These include: track all transactions and events. VPN Router offers great flexibility in its placement within the enterprise network. • Remote management options — Allows the It can act as the primary WAN/Internet Avaya VPN Router to be provisioned from access device via frame relay, dial-up or a data center or network operations center leased line connection or be connected to (NOC). an existing WAN or Internet access device

The Avaya VPN Router Architecture

Nortel VPN Router Multi-Element Manager Multi-device configuration Home for up to 2500 office Nortel VPN Router devices Headquarters Business Secure Router 222

Large Mobile worker headquarters Nortel VPN Router 5000 Database, directory, security servers Internet Nortel VPN Client Medium headquarters Nortel VPN Router 2700 Nortel VPN Router 1750

Small headquarters Nortel VPN Router 1750 Distributors

Small office Branch offices/ Secure Router 1001 small enterprises Secure Router 3120

3 avaya.com

Technical specifications — corporate/enterprise models

Avaya VPN Router 1750 Avaya VPN Router 2700/2750 Avaya VPN Router 5000

Up to 500 tunnels Up to 2000 tunnels Up to 5000 tunnels Memory Memory Memory • Standard: 128 MB • Standard: 256 MB • Standard: 512 MB • Maximum: 256 MB • Maximum: 512 MB • Maximum: 1.5 GB Processor Processor Processor • 850 MHz Pentium III • 1.33 GHz Pentium III (2700) • Dual 2.2 GHz Intel Xeon processors • 1.26 GHz Celeron (2750) Expansion slots Expansion slots • Four PCI expansion slots Expansion slots • Five PCI expansion slots • Three PCI expansion slots (2700) Encrypted VPN throughout Encrypted VPN throughout • Four PCI expansion slots (2750) • 125 Mbps (3DES) • 375 Mbps (3DES) • 150 Mbps (AES) Encrypted VPN throughout • 375 Mbps (AES) • 150 Mbps (3DES) Standard equipment Standard equipment • 200 Mbps (AES) • 2 x 10/100BaseT Ethernet ports • 1 x 10/100BaseT Ethernet port • Management/console port (DB-9) Standard equipment • 1 x 10/100/1000BaseT (GigE) port • 2 x 10/100BaseT Ethernet ports • Encryption accelerator card Standard software • Management/console port (DB-9) • Management/console port (DB-9) Secure Router Bundle: • Dual, redundant, auto-switching power • Avaya VPN Router O/S with 50 VPN Standard software supply system with dual line cards tunnels and IP routing Secure Router Bundle: • Dual, redundant storage system VPN Bundle: • Avaya VPN Router O/S with 5 VPN • Avaya VPN Router O/S with 500 VPN tunnels and IP routing Standard software tunnels and IP routing VPN Bundle: • Avaya VPN Router O/S with 5000 VPN tunnels and IP routing LAN/WAN options • Avaya VPN Router O/S with 2000 VPN tunnels and IP routing • Additional 10/100BaseT Ethernet LAN/WAN options • 1000BaseSX/T (GigE) Ethernet LAN/WAN options • Additional 10/100BaseT Ethernet or 1000BaseSX/T (GigE) Ethernet • 1-port T1/E1 CSU/DSU • Additional 10/100BaseT Ethernet • 1-port T1/E1 CSU/DSU • 4-port T1/E1 CSU/DSU • 1000BaseSX/T (GigE) Ethernet • 4-port T1/E1 CSU/DSU • V.90 Dial Modem • 1-port T1/E1 CSU/DSU • V.90 Dial Modem • ISDN BRI (S/T and U interfaces) • 4-port T1/E1 CSU/DSU • ISDN BRI (S/T and U interfaces) • ADSL • V.90 Dial Modem • ADSL • V.35/X.21/RS-232 Serial • ISDN BRI (S/T and U interfaces) • V.35/X.21/RS-232 Serial • 56/64K CSU/DSU • ADSL • 56/64K CSU/DSU • High-Speed Serial Interface (HSSI) • V.35/X.21/RS-232 Serial • High-Speed Serial Interface (HSSI) • 56/64K CSU/DSU Other hardware options • High-Speed Serial Interface (HSSI) Other hardware options • Encryption accelerator card Other hardware options • 2nd encryption accelerator card • Encryption accelerator card

4 avaya.com

Technical specifications — corporate/enterprise models

Avaya VPN Router 1750 Avaya VPN Router 2700/2750 Avaya VPN Router 5000

Physical dimensions Physical dimensions Physical dimensions

• Length: 21 in. (53.3 cm) • Length: 21 in. (53.3 cm) • Length: 23 in. (53.3 cm) • Width: 17.25 in. (43.8 cm) • Width: 17.25 in. (43.8 cm) • Width: 17.25 in. (43.8 cm) • Height: 5.25 in. (13.3 cm) • Height: 5.25 in. (13.3 cm) • Height: 5.25 in. (13.3 cm) • Weight: 28.0 lb (12.7 kg) • Weight: 28.0 lb (12.7 kg) • Weight: 43.0 lb (19.5 kg)

Operating environment

• Electrical: 100-240 VAC, 5.0A @ 100 • Electrical: 90-264 VAC, 2.0A @ 90 VAC, • Electrical: 100-127/200-240 VAC (x2), VAC or 3.0A @ 240 VAC, 50-60 Hz 47-63 Hz 6.2/3.1A, 50-60 Hz • Temperature: 32º-104ºF (0º-40ºC) • Temperature: 32º-104ºF (0º-40ºC) • Temperature: 32º-104ºF (0º-40ºC) • Relative humidity: 10-95% non-condensing • Relative humidity: 10-90% non-condensing • Relative humidity: 10-90% non-condensing

Optional software licenses

• Avaya VPN Router Stateful Firewall • Avaya VPN Router Advanced Routing (OSPF, VRRP, bandwidth management) • Avaya VPN Premium Routing (Advanced Routing plus BGP-4) • Avaya VPN Tunnel Upgrades (to max tunnels) available for Avaya VPN Router 1750, 2700 and 2750 models • Avaya VPN Router Data Link Switching (DLSw) Note: Avaya VPN Client for Windows (with unlimited distribution license) included with all VPN Router models.

Technical specifications VPN Tunneling Protocols User Authentication Services • IPSec, including authentication header • X.509 Digital Certificates, Smart Cards IP Services (AH), encapsulating security protocol (ES) (support for all major vendors and and Internet key exchange (IKE) MS-CAPI), Common Access Card (CAC) RIPv1/v2, OSPFv2, BGP-4 • Point-to-point tunneling protocol (PPTP), • 4096-bit certificates, Certificate • Dynamic Routing over IPSec (RFC 3884) including compression and encryption Revocation List (CRL), On-line Certificate Status Protocol (OCSP) (RFC2560) • 802.1Q VLAN routing • Layer 2 Tunneling Protocol (L2TP), • Policy-based routing (next hop traffic filters) including L2TP/IPSec • Remote authentication dial-in user services (RADIUS) • IGMP (v2/v3) Proxy Encryption • Hard and soft token support • DHCP • Data Encryption Standard (DES) (e.g., SecureID and AXENT) • Virtual Router Redundancy Protocol (VRRP) • Triple DES (3DES) using 3 independent • User name and password and • Data Link Switching (DLSw); SNA 56-bit keys; 168-bit key length (effective NT Domain Login encapsulation within IP strength of 128 bits) • Internal or external lightweight directory • NAT (Cone, PAT), including NAT • Advanced Encryption Standard (AES); access protocol (LDAP) translation for branch and client tunnels 128-bit and 256-bit versions

5 WAN Protocols Accounting Avaya VPN Client • Point-to-Point Protocol (PPP); including • Event, system, security and configuration • IPSec (with DES, 3DES and AES encryption) PPP over Ethernet (PPPoE) logging • Microsoft Windows 2000, XP and • Frame Relay (including FRF.9 • Internal and external RADIUS accounting Vista-based clients compression and FRF.12 fragmentation) • Automatic archiving to external system • Macintosh and Linux via software license • Dial-on-demand and dial back-up services via integral V.90 modem Management Endpoint security • Supports browser-based configuration; or • Tunnel Guard enforces security policies Bandwidth Management; QoS Avaya Command Line Interface on endpoint PCs by checking for anti- • User and group-level configurable virus, personal firewall or any application • Easy Install utility for simple remote VPN minimum bandwidth settings software (e.g., patches) before allowing Router set-up VPN connection; support for pre-defined • DiffServ (Differentiated Services) with • SNMP monitoring and alerts security policies code point marking • SSL, SSH, SFTP management access • 802.1p/DSCP (Differentiated Services Certifications Code Point) mapping • Three levels of administrator access; role- based management to separate service • ICSA (International Computer Security • Multi-level Random Early Detection (MRED) provider and end-user Association) certification (IPSec 1.2 • Resource Reservation Protocol (RSVP) enhanced) Stateful Firewall • FIPS 140-2 (Federal Information VoIP-Friendly • Multi-layers stateful packet inspection Processing Standard for Security) for VPN • Secure IPSec transport of VoIP traffic supporting over 100 network application Client and Server filters, including TCP, UDP, FTP, HTTP, • SIP Application Layer Gateway (ALG) for • Virtual Private Network Consortium (VPNC) H.323, RealAudio, Java and ActiveX NAT and stateful firewall Basic Conformance Testing (IPSec) • Extensive and customizable logging options • Cone NAT (for Avaya Unistim protocol) • Common Criteria EAL-4+ with NAT “hairpinning” • End-user authentication with Tunnel Guard • FRF.12 fragmentation • Unlimited firewall users and policies for tunneled and non-tunneled traffic Data Compression • IPComp (RFC 3173) for encrypted and non-encrypted traffic • FRF.9 Frame Relay compression

About Avaya

Avaya is a global leader in enterprise communications systems. The company provides unified communications, contact centers, and related services directly and through its channel partners to leading businesses and organizations around the world. Enterprises of all sizes depend on Avaya for state-of-the-art communications that improve efficiency, collaboration, customer service and competitiveness. For more information please visit www.avaya.com.

© 2009-2010 Avaya Inc. All Rights Reserved. Avaya and the Avaya Logo are trademarks of Avaya Inc. and are registered in the United States and other countries. avaya.com All trademarks identified by ®, TM or SM are registered marks, trademarks, and service marks, respectively, of Avaya Inc. All other trademarks are the property of their respective owners. Avaya may also have trademark rights in other terms used herein. 12/09 • DN5017