ADTRAN 2300 User Manual

NetVanta 2300

Mid-Range VPN Gateway and Firewall

Product Features

■ IPSec VPN tunneling with

DES/3DES encryption

■ Internet Key Exchange

(IKE) for user
authentication

■ Stateful inspection

firewall security

■ DMZ Port for public

server access

■ Hardware Encryption

Accelerator

■ Up to 100 private

encryption tunnels

■ Logging and alerts

■ Web-based management

■ 10/100 BaseT Ethernet

interfaces for flexible
connectivity

The ADTRAN NetVanta™2300 is a mid-range
IPSec compliant gateway providing all the
necessary components required to secure an
integrated VPN solution. As a branch office or

mid-size host security gateway, the NetVanta
2300 provides several key security features such
as IPSec VPN tunneling with DES or 3DES
encryption, stateful inspection firewall, and IKE
for user authentication supporting
public/private keys or digital certificates. In
addition, it also offers a DMZ port for public
server access, a hardware encryption accelerator
for faster encryption throughput and up to 100
simultaneous VPN tunnels.

Security: On a public infrastructure like the
Internet, security is of the utmost importance.
The NetVanta 2300 protects the corporate
network against attacks with a built-in firewall
and provides data security through encryption,
authentication and key exchange. The NetVanta
2300 employs a stateful inspection firewall that
protects an organization’s network from
common cyber attacks including TCP syn­flooding, IP spoofing, ICMP redirect, land
attacks, ping-of-death, and IP reassembly prob­lems. The NetVanta 2300 also encrypts the data
being sent out onto the network, using either the
DES (Data Encryption Standard) or 3DES
encryption algorithms. Data integrity is ensured
using MD5 or SHA1 as it is transported across
the public infrastructure. In addition, Internet
Key Exchange (IKE) can be used for user authen­tication supporting public/private keys or digital
certificates, assuring that the proper VPN tunnel
is established and that the tunnel has not been
redirected or compromised.

VPN Tunneling: NetVanta 2300 is an IPSec
compliant device that supports both ESP and
AH protocols and provides secure communica­tion over potentially unsecure network
components. As a security gateway, the NetVanta
2300 can support up to 100 private encryption
communication tunnels through the Internet
from remote locations. The NetVanta 2300 can
also hide IP addresses from the external world by
performing Network Address Translation (NAT).

Web-based Management: Configuring a remote
NetVanta 2300 can easily be managed using a
standard web browser. NetVanta 2300 has built­in alert and logging mechanisms for messaging
and mail services. This enables the unit to warn
administrators about activities that are going on
in the network by logging them into a SYSLOG
server or sending an email to the administrator.

The NetVanta 2300 offers guaranteed interoper­ability with ADTRAN’s complete line of NetVanta
2000 Series of VPN/Security gateways: NetVanta
2050 for work-at-home telecommuters, NetVanta
2100 for small office connectivity, NetVanta 2400
for larger corporate host applications, and the
software implemented, NetVanta VPN Client.
Together the NetVanta 2000 Series offers the most
robust features and functions to address a wide
range of enterprise VPN needs.

Specifications subject to change without notice. ADTRAN and NetVanta are trademarks of
ADTRAN, Inc. All registered trademarks and trademarks mentioned in this publication are
the property of their respective owners.

Product Specifications

Physical Interface

■

WAN: RJ-45 10/100 Auto-Sensing Ethernet interface

■

LAN: RJ-45 10/100 Auto-Sensing Ethernet interface

■

DMZ: RJ-45 10/100 Auto-Sensing Ethernet interface

■

Serial Port: RS-232 for off-net configuration

Virtual Private Network (VPN)

Hash Algorithms

■

MD5-HMAC 128-bit authentication algorithm

■

SHA1-HMAC 160-bit authentication algorithm

Encryption

■

DES-CBC 56-bit encryption

■

3DES-CBC 168-bit encryption

Diffie Hellman Group Support

■

Group 1: MODP 768

■

Group 2: MODP 1024

Authentication Mechanisms

■

Preshared keys

■

X.509 Certificate Support:

RSA Signatures, DSS Signatures

Key Management

■

IKE (ISAKMP/Oakley)

IPSec Mode

■

Tunnel

IKE Modes

■

Main

■

Aggressive

■

Quick

Firewall

■

Stateful inspection firewall

■

Application content filtering

■

Cyber assault protection

■

HTTP Relay

Diagnostics

Front Panel Status LEDs

■

Power – status

■

VPN – status, transmit, receive

■

LAN – transmit, receive

■

WAN – transmit, receive

Routing

■

TCP/IP

■

Static Routes

■

RIP V1 & RIP V2

NetVanta 2300

Mid-Range VPN Gateway and Firewall

Administration

■

Web-based management

■

SYSLOG logging in WELF format

■

Email alerts (SMTP)

■

User and group access control policies based
on time-of-day

■

User accounting policy statistics

DHCP

■

Server (to manage IP addresses on local network)

■

Client (to acquire the WAN-side IP address from
service provider)

PPPoE

■

Client (to acquire the WAN-side IP address from
service provider)

Address Translation

■

Basic NAT (1:1)

■

NAPT (Many:1)

■

Reverse NAT (translation of an inbound session’s
destination IP address)

Environment

Operating Temperature

■

0° to 50 °C (32° to 122 °F)

Storage Temperature

■

-20° to 70 °C (-4° to 158 °F)

Relative Humidity

■

Up to 95%, non-condensing

Physical

Size: 1.25" H, 17.25" W, 7.75" D

Weight: 7 lbs (shipping weight)

Power: 100 - 250 vAC, 50/60 Hz

Agency Approvals

■

FCC Part 15 (Class B)

■

UL and Canadian UL (CUL), IEC/EN, CSA

Product Includes

■

User manual

■

AC power cord

■

Rackmount brackets

Ordering Information

Equipment Part #

NetVanta 2300 1200366L1

ADTRAN, Inc.

Attn: Enterprise Networks

901 Explorer Boulevard

Huntsville, AL 35806

P.O. Box 140000

Huntsville, AL 35814-4000

256 963-8000 voice

256 963-8699 fax

256 963-8200 fax back

General Information

800 9ADTRAN
info@adtran.com
www.adtran.com

Pre-Sales

Technical Support

800 615-1176 toll-free

application.engineer@adtran.com

www.adtran.com/support

Where to Buy

877 280-8416 toll-free

channel.sales@adtran.com

www.adtran.com/where2buy

Post-Sales

Technical Support

888 423-8726

support@adtran.com

www.adtran.com/support

ACES Installation &

Maintenance Service

888 874-ACES

aces@adtran.com

www.adtran.com/support

International Inquiries

256 963 8000 voice

256 963-6300 fax

international@adtran.com

www.adtran.com/international

For the regional office

nearest you, visit:

www.adtran.com/where2buy

Printed in the U.S.A.

61200366L1-8B July 2002

©2002 ADTRAN, Inc. All rights reserved.

ADTRAN is a

TL 9000 registered company.

ADTRAN is a

ISO 9001 registered company.

LAN DMZ

100-250VAC

50/60Hz 0.2A

WAN