Vanguard Managed Solutions 342 User Manual

Vanguard Managed Solutions
Vanguard 342 Installation Manual
Notice
©2004 Vanguard Managed Solutions, LLC 575 West Street Mansfield, Massachusetts 02048 (508) 261-4000 All rights reserved Printed in U.S.A.
Restricted Rights Notification for U.S. Government Users
The software (including firmware) addressed in this manual is provided to the U.S. Government under agreement which grants the government the minimum “restricted rights” in the software, as defined in the Federal Acquisition Regulation (FAR) or the Defense Federal Acquisition Regulation Supplement (DFARS), whichever is applicable.
If the software is procured for use by the Department of Defense, the following legend applies:
Restricted Rights Legend
Use, duplication, or disclosure by the Government
is subject to restrictions as set forth in
subparagraph (c)(1)(ii) of the
Rights in Technical Data and Computer Software
clause at DFARS 252.227-7013.
If the software is procured for use by any U.S. Government entity other than the Department of Defense, the following notice applies:
Notice
Notwithstanding any other lease or license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the Government regarding its use, reproduction, and disclosure are as set forth in FAR 52.227-19(C).
Unpublished - rights reserved under the copyright laws of the United States.
Proprietary Material
Information and software in this document are proprietary to VanguardMS Inc. (or its Suppliers) and without the express prior permission of an officer of VanguardMS Inc., may not be copied, reproduced, disclosed to others, published, or used, in whole or in part, for any purpose other than that for which it is being made available. Use of software described in this document is subject to the terms and conditions of the VanguardMS Software License Agreement.
This document is for information purposes only and is subject to change without notice.
Radio Frequency Interference Regulations
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules, CISPR22 and EN55022. These limits are designed to provide reasonable protection against interference when the equipment is operated in a residential environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications.
Changes or modifications not expressly approved by VanguardMS could void the user's authority to operate the equipment.
This Class B digital apparatus meets all requirements of the Canadian Interference-Causing Equipment Regulations.
This is a Class B product. Operation of this equipment in a residential environment may cause radio interference, in which case the user may be required to take adequate measures to correct the interference at his/her own expense.
This product was verified under test conditions that included the use of shielded DTE cable(s). A cable equipped with a ferrite bead may also have been used. Use of different cables will invalidate verification and increase the risk of causing interference to radio and TV reception.
You can obtain the proper cables from Vanguard Managed Solutions.
Telecommunications Regulations
Equipment that complies with Part 68 of the FCC rules includes a label or permanent marking on the printed circuit board that connects to the network that contains, among other information, the FCC registration number and ringer equivalence number (REN) for this equipment. If requested, this information must be provided to the telephone company. A plug and jack used to connect this equipment to the premises wiring and telephone network must comply with the applicable FCC Part 68 rules and requirements adopted by the ACTA. A compliant telephone cord and modular plug is provided with this product. It is designed to be connected to a compatible modular jack that is also compliant. See installation instructions for details.
The REN is used to determine the number of devices that may be connected to a telephone line. Excessive RENs on a telephone line may result in the devices not ringing in response to an incoming call. In most but not all areas, the sum of RENs should not exceed five (5.0). To be certain of the number of devices that may be connected to a line, as determined by the total RENs, contact the local telephone company. The REN for this product is part of the product identifier that has the format US:AAAEQ##TXXXX. The digits represented by ## are the REN without a decimal point (e.g., 03 is a REN of 0.3).
If this equipment causes harm to the telephone network, the telephone company will notify you in advance that temporary discontinuance of service may be required. But if advance notice isn't practical, the telephone company will notify the customer as soon as possible. Also, you will be advised of your right to file a complaint with the FCC if you believe it is necessary. The telephone company may make changes in its facilities, equipment, operations or procedures that could affect the operation of the equipment. If this happens the telephone company will provide advance notice in order for you to make necessary modifications to maintain uninterrupted service. If the equipment is causing harm to the telephone network, the telephone company may request that you disconnect the equipment until the problem is resolved. Connection to party line service is subject to state tariffs. Contact the state public utility commission, public service commission or corporation commission for information. If your home has specially wired alarm equipment connected to the telephone line, ensure the installation of this equipment does not disable your alarm equipment. If you have questions about what will disable alarm equipment, consult a trained technician.
Equipment that meets the applicable Industry Canada Terminal Equipment Technical Specifications is confirmed by the registration number. Equipment that complies with Industry rules includes a label or permanent marking on the printed circuit board that connects to the network. The abbreviation, IC, before the registration number signifies that the registration was performed based on a Declaration of Conformity indicating that Industry Canada technical specifications were met. It does not imply that Industry Canada approved the equipment.
Part No. T0257, Revision D
Technical Writer: Paul Lukowski
Production: Denise Skinner
Illustrator: Tim Kinch
First Release: February 2003
This manual is current for Release 6.4 of Vanguard Applications Ware
To comment on this manual, please send e-mail to LGEN031@vanguardms.com

Contents

Special Notices and Translations
Customer Information
Customer Response Card
Chapter 1. About the Vanguard 342
Vanguard 342 Description
Features and Functionality
Target Applications
Virtual Private Network
Cost-effective VPN Solutions
Hardware-based Encryption and Compression
Standard-based Tunneling and Encryption for IP Traffic
Multi-protocol Tunneling and Encryption
Frame Relay and X.25 Encryption
IP and Serial Protocols over Frame Relay
Video and Serial Protocols over Public or Private Networks
Branch Office to Central Office over Public or Private Networks
SOHO and Branch Office to Central Office over ISDN
DSL/Cable Modem
G.SHDSL Daughtercard
LAN Segmentation
Virtual LAN (VLAN)
Clocking Limitations Vanguard 342
Chapter 2. Hardware Description
Enclosure
Motherboard
Vanguard Daughtercards
Chapter 3. Installation and Replacement
Checking Your Shipment Contents
Installing The Vanguard 342
Selecting and Preparing the Installation Site
Installing Your Vanguard 342
Thermal Considerations
Configuring the Serial Interface
Setting the Interface Type
Setting the Interface Options
Cabling the Vanguard 342
Port Characteristics and Cabling
Control Terminal Port (CTP)
10/100BaseT Adapter Cable
DB25 V.24 Pinouts
DB25 V.35/V.36 Pinouts
DB25 X.21/V.11 Pinouts
Modifying Your Vanguard 342
Installing Vanguard Daughtercards
Accessing the Motherboard
Adding and Removing Memory Modules
Installing/Removing the Lithium Battery
Chapter 4. Powering Up and Loading Software
Powering Up Your Vanguard 342
Powering Off The Vanguard 342
Powerup Diagnostics
Accessing the Control Terminal Port
Alternative Methods for Accessing the CTP
Obtaining and Installing Operating Software
Appendix A. Specifications
Appendix B. Software License and Regulatory Information
FCC Part 68 and Telephone Company Procedures and Requirements for DSU, T1, and ISDN Interfaces
Product Declarations and Regulatory Information
Limited Warranty
Return Procedures
Index

About This Manual

Overview
Introduction
This installation manual describes features, hardware, specifications, and applications for the Vanguard 342.
Note
For information on operating system software and configuration, see the Vanguard Basic Configuration Manual (Part Number T0113).
Audience
This manual is intended for people who install and operate the Vanguard 342.
How to Use This Manual
The following table describes the contents of this manual:
This Chapter    Description
Chapter 1       Vanguard 342 hardware and software features.
Chapter 2       Description of the Vanguard 342 hardware features and components.
Chapter 3       Installing and replacing Vanguard 342 hardware including daughtercards and motherboard.
Chapter 4       Powerup procedures and software installation.
Appendix A      Product specifications.
Appendix B      FCC and Telephone Company procedures and requirements.

Related Documentation

Introduction
This section describes related documentation and where to obtain documentation.
Other Documentation
All documentation is provided on the Vanguide CD-ROM and the VanguardMS web site:
http://www.vanguardms.com/documentation
Documentation Kit Includes:
Vanguard Applications Ware Documentation Set
IP and LAN Feature Documentation Set
SNA Feature Documentation Set
Vanguard Applications Ware Basic Protocols (Part Number T0106)
IP and LAN Feature Protocols (Part Number T0100)
SNA Feature Protocols (Part Number T0101)
Serial Feature Protocols (Part Number T0102)
Multi-Service Feature Protocols (Part Number T0103)
Multimedia Feature Protocols (Part Number T0104)
Alarms and Reports Manual (Part Number T0005)
Software Installation and Coldloading Manual (Part Number T0028)
IP and LAN Feature Protocols (Part Number T0100)
SNA Feature Protocols (Part Number T0101)
Serial Feature Documentation Set
Multi-Service Feature Documentation Set
Multimedia Feature Documentation Set
Vanguard Applications Ware Basic Protocols Documentation Set
Serial Feature Protocols (Part Number T0102)
Multi-Service Feature Protocols (Part Number T0103)
Multimedia Feature Protocols (Part Number T0104)
Vanguard Basic Protocols (Part Number T0106)
Vanguide CD-ROM
The Vanguide CD-ROM contains all Vanguard documentation available at the time of release. The Vanguide CD-ROM is shipped with each Vanguard product. To order an additional copy of the Vanguide CD-ROM, please contact a VanguardMS Representative.
VanguardMS Web Site
Check the VanguardMS web site for the latest documentation:
http://www.vanguardms.com/documentation/

Special Notices and Translations

Special Notices
The following notices emphasize certain information in the guide. Each serves a special purpose and is displayed in the format shown:
Note
Note is used to emphasize any significant information.
Caution
Caution provides you with information that, if not followed, can result in damage to software, hardware, or data.
Warning
Warning is the most serious notice, indicating that you can be physically hurt.
Simplified Chinese
Danish
Special Headings
The following headings highlight some of the information in the guide. Each serves a specific purpose and is shown in the following format:
Note
Note is used to highlight important information.
Caution
Caution highlights information that, if not followed, can lead to damage to software, hardware, or data.
Warning
Warning is the most serious heading and indicates possible personal injury.
Dutch
Special Notices
The following notices draw extra attention to certain information in the manual. Each notice has its own purpose and is displayed in the following format:
Note
A note is used to emphasize important information.
Caution
This heading indicates that you must follow the described instructions to avoid damage to the software, hardware, or data.
Warning
A warning is the most important notice. If you do not follow it, physical injury can result.
Finnish
Special Notices
The following notices emphasize certain information in the guide. Each has its own special purpose and is presented in the following format:
Note
A note is used to emphasize important information.
Caution
A caution notice gives information that, if ignored, can lead to damage to the software, hardware, or data.
Warning
Warning is the most serious notice and indicates a possible risk of injury.
French
Special Messages
The following messages highlight certain information in the guide. Each of them serves a special function and is displayed in the format shown:
Important
Important is used to emphasize critical information about a procedure.
Caution
A caution provides you with information that, if not observed, can result in damage to the software, hardware, or data.
Warning
A warning is the most serious message, indicating that you can suffer bodily injury.
German
Special Notices
The following notices highlight certain information in this manual. Each notice serves a specific purpose and is displayed in the format shown:
Important
IMPORTANT is used to emphasize significant information about procedures.
Caution
A caution notice alerts you that failure to comply can lead to software, hardware, or data damage.
Warning
A warning indicates that there is a serious risk of bodily injury.
Italian
Special Symbols
The following symbols, each with a special function, highlight certain information within the manual. The format is the one shown below.
Note
This type of notice is used to highlight all significant information relating to a procedure.
Caution
This type of notice provides information that, if not followed, can cause damage to the software, hardware, or data.
Warning
This type of notice indicates the presence of hazardous conditions that can cause physical injury. It is the most important symbol to pay attention to.
Japanese
Korean
Norwegian
Special Notices
The notice types below represent a particular type of information in the manual. Each notice type has a special purpose and is shown in the following format:
Note
Note is used to emphasize important information.
Caution
Caution gives you information about situations that can lead to damage to software, the computer, or data if it is not followed.
Warning
Warning is the most serious notice and indicates that you can be physically injured.
Portuguese/Portugal
Special Notices
The following notices highlight certain information in this guide. Each of them serves a special purpose and is displayed in the format shown:
Note
Note is used to highlight any important information.
Caution
Caution provides you with information that, if not followed, may cause damage to the software, hardware, or data.
Warning
Warning is the most serious notice, indicating that you may be physically injured.
Spanish/Spain
Special Notices
The following notices emphasize certain information in the guide. Each has a special purpose and is displayed in the following format:
Note
Notes are used to highlight certain important information.
Caution
Cautions provide you with information that must be followed if you do not want the software, hardware, or data to be damaged.
Warning
Warnings are the most important notices and indicate the possibility of physical injury to the user.
Swedish
Special Notices
The following notices emphasize certain information in the manual. Each has a special purpose and is shown in the format below:
Note
Note is used to emphasize important information.
Caution
Caution gives you information that, if not followed, can result in damage to software, hardware, or data.
Warning
Warning is the most serious notice and indicates that you can be physically injured.

Customer Information

Customer Questions
Customers who have questions about Vanguard Managed Solutions products or services should contact your VanguardMS representative or visit this website for product, sales, support, documentation, or training information:
http://www.vanguardms.com/
Comments About This Manual
To help us improve our product documentation, please complete the comment card included with this manual and return it by fax to (508) 339-9592. If you prefer, provide your name, company, and telephone number, and someone in the documentation group will contact you to discuss your comments.

Customer Response Card

Vanguard Managed Solutions would like your help in improving its product documentation. Please complete and return this card by fax to (508) 339-9592; Attention: Product Documentation, to provide your feedback.
To discuss comments with a member of the documentation group, provide telephone information at the bottom of this page. Thank you for your help.
Name ______
Company Name ______
Address ______
Document Title: Vanguard 342 Installation Manual
Part Number: T0257 Revision D
Please rate this document for usability: Excellent / Good / Average / Below Average / Poor
What did you like about the document? ______
What information, if any, is missing from the document? ______
Please identify any sections/concepts that are unclear or explained inadequately. ______
Additional comments/suggestions. ______
Telephone ______ Ext. ______ Best time to call ______
Chapter 1
About the Vanguard 342
Overview
Introduction
This chapter describes the hardware and software functions, and the target applications for the Vanguard® 342 device. These topics are discussed:
• Vanguard 342 Description
• Features and Functionality
• Target Applications

Vanguard 342 Description

Introduction
This section describes the Vanguard 342 device.
Description
The Vanguard 342 is a member of the 340 family. The Vanguard 342 expands the capabilities of the 340 by providing enhanced performance, increased memory and support for new applications and services to meet the growing demands of the small branch office. Its high-performance architecture and features enable new WAN services such as G.SHDSL, broadband DSL and Cable access, as well as multiservice voice, data, video integration, and VPN. The 342 comes standard with two 10/100BaseT auto-sensing Ethernet ports, one of which can be used as a WAN port for direct connectivity to a DSL or Cable modem, or for LAN segmentation to separate public from private data.
The Vanguard 342 offers cost-effective integrated solutions that simultaneously support:
• Data
• Fax
• Voice over Frame Relay and Voice over IP
• Virtual Private Network (VPN)
• Broadband access
• Two 10/100BT LAN Ports
Note
The second LAN port is port 8.
The Vanguard 342 is SNMP-manageable and comes with a variety of LAN, SNA, and IP networking features. The Vanguard 342 supports two Vanguard Daughtercard slots for voice, fax and mixed protocol data traffic such as IP, Frame Relay, X.25, ISDN, or NX64 T1/E1 services. The Vanguard 342 also comes with two 10/100BT LAN Ports.
For descriptions of the Vanguard 342 Daughtercard and other hardware components, refer to the appropriate sections in Chapter 2, Hardware Description.
Limitations
Ethernet SLAC stations are not supported on the 2nd LAN port of Vanguard® 342.
Note
FLASH SIMMs for the Vanguard 340 and 6400 Series are not compatible with the Vanguard 342. Vanguard 342 SIMMs are not compatible with the Vanguard 340 and 6400 Series. The SIMMs could be damaged.
The Vanguard 342 requires 6.2 or greater software.
CMEM configurations from Vanguard 342 should not be loaded on a Vanguard 340. If the 342 CMEM has Port 5 with a Bridge Link Number or Router Interface Number parameters with a value different from 1, then the Port 5 record needs to be deleted and then created again.

Features and Functionality

Introduction
This section describes the features available with your Vanguard 342 device. For descriptions of the software running on your Vanguard 342, refer to the appropriate protocol document. These documents can be found on the VanguardMS Web site:
http://www.vanguardms.com/documentation/
Standard Features
The standard Vanguard 342 provides these features:
• Low Profile enclosure with rear accessible motherboard, and support for two Vanguard Daughtercards
• Motorola MPC860P PowerPC processor
• 8 Megabytes of Non-Volatile FLASH on board
• 8 Megabytes FLASH SIMM (optional)
• 32 Megabytes of SDRAM DIMM
• Standard rear panel ports include:
- Two daughtercard ports
- One serial interface DB25 port supporting V.24, V.35, V.36, V.11/X.21 interfaces
- One Async (RJ-45 connector) Control Terminal Port (CTP) for local and remote configuration and management
- Two 10/100BaseT Ethernet ports with auto-sensing
• Data Encryption & compression SIMM slot (optional)
• ECC DIMM slot
• External power supply
10/100BaseT Ethernet Cable
Ports 5 and 8 are 10/100BaseT Ethernet and conform to the Fast Ethernet specification (IEEE 802.3u) known as 100BaseT. This LAN standard has raised the Ethernet speed limit from 10 Megabits to 100 Megabits per second. This Ethernet port has an auto-sensing feature that allows it to determine if the connection is 10BaseT or 100BaseT and adjust its speed as required.
Control Terminal Port (CTP)
Port 4 can be used as a Control Terminal Port (CTP) for configuration, reporting, and troubleshooting the Vanguard 342.
To access the CTP you must also configure your terminal or terminal emulation software to VT100, 9600 bps, 8 bit, no parity, 1 stop bit.
Dual Daughtercard Slots
The Vanguard 342 comes with two slots to support optional daughtercards. This permits easy future expansion of the product.
Daughtercard Functionality
The Vanguard 342 is available with the optional components listed below as factory-installed or as separate add-in daughtercards:
• FXS/FXO Voice
• 4-Port FXS
• 4-Port FXO
• Voice FXS
• FT1/FE1
• Dual E&M
• ISDN BRI-U Data
• ISDN & enhanced ISDN BRI-S/T Data
• ISDN BRI Voice
• DSU
• DIMM
• ECC DIMM
• V.90
• G.SHDSL
For additional information about these cards, refer to the “Vanguard Daughtercards” section in Chapter 2.
For detailed information about installing the Vanguard Daughtercards, refer to the “Modifying Your Vanguard 342” section in Chapter 3.
The RemoteVU and V.34 daughtercards are obsolete.
Operating Software
The Vanguard Applications Ware software is compressed in FLASH memory and loaded into the SDRAM DIMM for operation. The Vanguard 342 supports these Applications Ware packages:
• IP+ Applications Ware Package (includes IP, and IPX)
• SNA+ Applications Ware Package (includes IP, and SNA)
• Multi-Service Applications Ware Package
For more information on the license upgrades available for the Vanguard 342, refer to the Software Release Notice.
Software Support
The Vanguard 342 supports all the licenses in the Vanguard Applications Ware software suite. For a detailed list of the software supported by the Vanguard 342:
• Contact your VanguardMS representative
• Visit the VanguardMS web site:
http://www.vanguardms.com/

Target Applications

Introduction
This section describes the various target applications for the Vanguard 342. These examples are shown:
• Virtual Private Network
• IP and Serial Protocols over Frame Relay
• Video and Serial Protocols over Public or Private Networks
• Branch Office to Central Office over Public or Private Networks
• SOHO and Branch Office to Central Office over ISDN
• DSL and Cable Modem
• G.SHDSL
• LAN Segmentation
• Virtual LAN (VLAN)

Virtual Private Network

Introduction
This section provides a general description of features and applications within the Vanguard Virtual Private Network (VPN). These topics are discussed:
• Cost-effective VPN Solutions
• Hardware-based Encryption and Compression
• Standard-based Tunneling and Encryption for IP Traffic
• Multi-protocol Tunneling and Encryption
• Frame Relay and X.25 Encryption
For detailed information about a VPN, refer to your Virtual Private Network Manual (Part Number T0103-10).
What is a VPN?
A Virtual Private Network (VPN) is a network that has the appearance and many of the advantages of a dedicated link but occurs over a shared network. Using a technique called “tunneling,” packets are transmitted across a public routed network, such as the Internet or other commercially available network, in a private “tunnel” that simulates a point-to-point connection.
This approach enables network traffic from many sources to travel through separate tunnels across the same infrastructure. A VPN allows network protocols to traverse incompatible infrastructures. A VPN also enables traffic from many sources to be differentiated, so that it can be directed to specific destinations and receive specific levels of service.
Advantages of a VPN
A VPN provides the following advantages:
• Cost Effectiveness
- Infrastructure Cost - By using a VPN, a company need not invest money in connectivity equipment such as leased lines, WAN switches, etcetera. The connectivity is provided by the service provider.
- Operational Cost - Costs involved with maintaining leased lines or a private WAN, along with the money spent on people to maintain them, can be avoided.
• Manageability
- A VPN is more easily managed when compared to a fully private network.
Requirements of a VPN
Below are some of the requirements of a VPN:
• Connectivity
- There needs to be network connectivity among the various corporate sites. This connectivity is typically provided through the Internet.
• Security
- Data exchanged between the various corporate sites is confidential. When data is sent over a public network it is usually encrypted. The encryption algorithm must be robust enough to withstand any type of snooping.
• Address Management
- The addresses of the clients on each of the private sites should not be the ones used in the public domain; however, packets sent out onto the public network must have public source/destination addresses.
• Multiprotocol Support
- The solution must be able to handle common protocols used in the corporate network.
Target Applications
Cost-effective VPN Solutions
Small to Medium Enterprise (SME)
The Vanguard VPN solution is ideal for SMEs that are looking to take advantage of the flexibility, global reach, security, and cost savings of Internet-based VPNs. The current Vanguard installed-base can be easily upgraded to support VPN site-to-site applications at a very competitive price point.
Hardware-based Encryption and Compression
Data Encryption and Compression
Data encryption is a very CPU intensive process and is therefore best implemented in hardware. The VanguardMS solution provides secure hardware-based encryption and compression. Figure 1-1 shows an example of a secure hardware-based VPN solution for a site-to-site application.
Hardware Options
The three hardware options available are the DES (56-bit) and Triple-DES (112-bit) Encryption and Compression SIMMs, and the ECC DIMM, which supports DES, Triple-DES (168-bit), and AES.
Figure 1-1. Hardware-based VPN Solution for Site-to-Site Applications. (Diagram labels: Central Site, Remote Site, Remote Site, Internet or IP Network.)
Standard-based Tunneling and Encryption for IP Traffic
IPSec
IPSec is the predominant tunneling and security standard for IP Networks. It defines protocols required for site-to-site as well as remote access VPN implementations at layer 3 of the OSI model. Vanguard Applications Ware release 5.5 and greater supports these IPSec features:
• Authentication Header (AH) and Encapsulating Security Payload (ESP) for user authentication and encryption.
• Internet Key Exchange (IKE) using preshared keys for key management.
• Message Digest (MD5) and Secure Hashing Algorithm-1 (SHA-1) for data integrity.
• ISAKMP supports DES, Triple-DES and AES.
• ESP supports DES, Triple-DES and AES.
Note
ISAKMP and ESP support is available with the ECC DIMM.
Multi-protocol Tunneling and Encryption
General Router Encryption (GRE)
Whereas IPSec can only tunnel IP traffic over IP Networks, GRE tunneling is a Layer 2 protocol that can tunnel multi-protocol traffic over IP Networks. This enables the Vanguard to tunnel and encrypt IP, IPX, and other bridge data.
DES and Triple-DES (112-bit) are used as encryption algorithms and the fast and efficient SAM proprietary key exchange protocol is used for key management. Integrity Check Character (ICC) establishes data integrity when the SAM protocol is implemented.
Frame Relay and X.25 Encryption
Frame Relay and X.25 Networks
Another value-added feature in the Vanguard Managed Solutions VPN implementation is the ability to encrypt LAN traffic and serial legacy protocols (SNA, SDLC, SLAC, and TBOP) and transport them over Frame Relay and X.25 networks. This is particularly useful in the financial industry, where SNA traffic going out to the branches and ATM machines requires a high level of security. This implementation also uses DES and Triple-DES (112-bit) for encryption and the VanguardMS proprietary SAM key exchange protocol to negotiate the keys.
Figure 1-2. Encryption over IP, Frame Relay, and X.25 Networks (Diagram labels: Protected Subnet, Vanguard 342 with VPN, Frame Relay, Internet, Vanguard 342 with VPN, Protected Subnet.)
Security Features
The security features in Vanguard Applications Ware release 5.5 and greater also include Firewall functionality based on IP Packet Filtering. Access Control Lists can be configured based on a combination of source and destination addresses, IP protocol, TCP/UDP source and destination port numbers/ranges, and interface numbers. A feature called Cypher Block Chaining prevents repeated patterns in plaintext from appearing as repeated patterns in cyphertext, thus making it harder for hackers to find traffic patterns.
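The effect of Cypher Block Chaining described above, as an added example (not code from this manual or from the Vanguard software): it encrypts the same records once block by block and once with chaining, then counts repeated ciphertext blocks. A toy 64-bit Feistel cipher stands in for DES, and the key, IV and sample records are constructed for the illustration.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, the block size of DES and Triple-DES

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(half: bytes, key: bytes, rnd: int) -> bytes:
    # Toy round function (keyed hash); a stand-in, NOT DES and not secure.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def encrypt_block(block: bytes, key: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in range(4):  # 4-round Feistel network
        left, right = right, xor(left, _f(right, key, rnd))
    return left + right

def decrypt_block(block: bytes, key: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):  # undo the rounds in reverse order
        left, right = xor(right, _f(left, key, rnd)), left
    return left + right

def blocks(data: bytes) -> list:
    # Input length is assumed to be a multiple of BLOCK (no padding here).
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(pt: bytes, key: bytes) -> bytes:
    # No chaining: every block is encrypted independently.
    return b"".join(encrypt_block(b, key) for b in blocks(pt))

def cbc_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(pt):
        prev = encrypt_block(xor(b, prev), key)  # mix in previous ciphertext
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(decrypt_block(c, key), prev))
        prev = c
    return b"".join(out)

def repeated_blocks(data: bytes) -> int:
    seen = blocks(data)
    return len(seen) - len(set(seen))

# Constructed sample: four identical 8-byte records followed by a different one.
PLAINTEXT = b"ACCT0001" * 4 + b"PAY=0100"
KEY = b"constructed-key"
IV = bytes.fromhex("0102030405060708")  # fixed for repeatability; use a random IV in practice
```

Without chaining, the three repeats in the plaintext survive into the ciphertext; with chaining, every ciphertext block is distinct and decryption still recovers the original records.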

IP and Serial Protocols over Frame Relay

Introduction
The Vanguard 342 supports multi-protocol encapsulation of IP traffic and serial protocols over frame relay as specified by RFC 1490. As shown in Figure 1-3, an SNA cluster controller connects to a serial port on the Vanguard 342 and the Ethernet LAN connects to the 10/100BaseT Ethernet port. The Vanguard is fully interoperable with third party routers via RFC 1490.
Figure 1-3. IP and Serial Protocols over Frame Relay (Diagram labels: Terminals, Cluster Controller, Ethernet, Vanguard 342, Frame Relay, Third Party Router, Third Party Router, Ethernet, Host, FEP.)