Vanguard Managed Solutions 342 User Manual
Vanguard Managed Solutions
Vanguard 342 Installation Manual
Notice
©2004 Vanguard Managed Solutions, LLC
575 West Street
Mansfield, Massachusetts 02048
(508) 261-4000
All rights reserved
Printed in U.S.A.
Restricted Rights Notification for U.S. Government Users
The software (including firmware) addressed in this manual is provided to the U.S.
Government under agreement which grants the government the minimum “restricted rights”
in the software, as defined in the Federal Acquisition Regulation (FAR) or the Defense
Federal Acquisition Regulation Supplement (DFARS), whichever is applicable.
If the software is procured for use by the Department of Defense, the following legend
applies:
Restricted Rights Legend
Use, duplication, or disclosure by the Government
is subject to restrictions as set forth in
subparagraph (c)(1)(ii) of the
Rights in Technical Data and Computer Software
clause at DFARS 252.227-7013.
If the software is procured for use by any U.S. Government entity other than the Department
of Defense, the following notice applies:
Notice
Notwithstanding any other lease or license agreement that may pertain to,
or accompany the delivery of, this computer software, the rights of the
Government regarding its use, reproduction, and disclosure are as set forth
in FAR 52.227-19(C).
Unpublished - rights reserved under the copyright laws of the United States.
Notice (continued)
Proprietary Material
Information and software in this document are proprietary to VanguardMS Inc. (or its
Suppliers) and without the express prior permission of an officer of VanguardMS Inc., may
not be copied, reproduced, disclosed to others, published, or used, in whole or in part, for
any purpose other than that for which it is being made available. Use of software described in
this document is subject to the terms and conditions of the VanguardMS Software License
Agreement.
This document is for information purposes only and is subject to change without notice.
Radio Frequency Interference Regulations
This equipment has been tested and found to comply with the limits for a Class B digital
device, pursuant to Part 15 of the FCC Rules, CISPR22 and EN55022. These limits are
designed to provide reasonable protection against interference when the equipment is
operated in a residential environment. This equipment generates, uses, and can radiate radio
frequency energy and, if not installed and used in accordance with the instruction manual,
may cause harmful interference to radio communications.
Changes or modifications not expressly approved by VanguardMS could void the user's
authority to operate the equipment.
This Class B digital apparatus meets all requirements of the Canadian Interference-Causing
Equipment Regulations.
This is a Class B product. Operation of this equipment in a residential environment may
cause radio interference, in which case the user may be required to take adequate measures to
correct the interference at his/her own expense.
This product was verified under test conditions that included the use of shielded DTE
cable(s). A cable equipped with a ferrite bead may also have been used. Use of different
cables will invalidate verification and increase the risk of causing interference to radio and
TV reception.
You can obtain the proper cables from Vanguard Managed Solutions.
Telecommunications Regulations
Equipment that complies with Part 68 of the FCC rules includes a label or permanent
marking on the printed circuit board that connects to the network that contains, among other
information, the FCC registration number and ringer equivalence number (REN) for this
equipment. If requested, this information must be provided to the telephone company. A plug
and jack used to connect this equipment to the premises wiring and telephone network must
comply with the applicable FCC Part 68 rules and requirements adopted by the ACTA. A
compliant telephone cord and modular plug is provided with this product. It is designed to be
connected to a compatible modular jack that is also compliant. See installation instructions
for details.
The REN is used to determine the number of devices that may be connected to a telephone
line. Excessive RENs on a telephone line may result in the devices not ringing in response to
an incoming call. In most but not all areas, the sum of RENs should not exceed five (5.0). To
be certain of the number of devices that may be connected to a line, as determined by the total
RENs, contact the local telephone company. The REN for this product is part of the product
identifier that has the format US:AAAEQ##TXXXX. The digits represented by ## are the
REN without a decimal point (e.g., 03 is a REN of 0.3).
If this equipment causes harm to the telephone network, the telephone company will notify
you in advance that temporary discontinuance of service may be required. But if advance
notice isn't practical, the telephone company will notify the customer as soon as possible.
Also, you will be advised of your right to file a complaint with the FCC if you believe it is
necessary. The telephone company may make changes in its facilities, equipment, operations
or procedures that could affect the operation of the equipment. If this happens the telephone
company will provide advance notice in order for you to make necessary modifications to
maintain uninterrupted service. If the equipment is causing harm to the telephone network,
the telephone company may request that you disconnect the equipment until the problem is
resolved. Connection to party line service is subject to state tariffs. Contact the state public
utility commission, public service commission or corporation commission for information. If
your home has specially wired alarm equipment connected to the telephone line, ensure the
installation of this equipment does not disable your alarm equipment. If you have questions
about what will disable alarm equipment, consult a trained technician.
Equipment that meets the applicable Industry Canada Terminal Equipment Technical
Specifications is conformed by the registration number. Equipment that complies with
Industry rules includes a label or permanent marking on the printed circuit board that
connects to the network. The abbreviation, IC, before the registration number signifies that
the registration was performed based on a Declaration of Conformity indicating that Industry
Canada technical specifications were met. It does not imply that Industry Canada approved
the equipment.
Part No. T0257, Revision D
Technical Writer: Paul Lukowski
Production: Denise Skinner
Illustrator: Tim Kinch
First Release: February 2003
This manual is current for Release 6.4 of Vanguard Applications Ware
To comment on this manual, please send e-mail to LGEN031@vanguardms.com
Contents
Special Notices and Translations
Customer Information
Customer Response Card
Chapter 1. About the Vanguard 342
Vanguard 342 Description ............................................................................ 1-2
Features and Functionality ........................................................................... 1-3
Target Applications ....................................................................................... 1-5
Virtual Private Network ........................................................................... 1-6
Cost-effective VPN Solutions............................................................... 1-7
Hardware-based Encryption and Compression..................................... 1-7
Standard-based Tunneling and Encryption for IP Traffic..................... 1-8
Multi-protocol Tunneling and Encryption ............................................ 1-8
Frame Relay and X.25 Encryption ....................................................... 1-9
IP and Serial Protocols over Frame Relay ............................................... 1-10
Video and Serial Protocols over Public or Private Networks .................. 1-11
Branch Office to Central Office over Public or Private Networks ........... 1-12
SOHO and Branch Office to Central Office over ISDN .......................... 1-14
DSL/Cable Modem .................................................................................. 1-16
G.SHDSL Daughtercard ........................................................................... 1-17
LAN Segmentation ................................................................................... 1-18
Virtual LAN (VLAN) ............................................................................... 1-19
Clocking Limitations Vanguard 342 ............................................................. 1-20
Chapter 2. Hardware Description
Enclosure ...................................................................................................... 2-2
Motherboard ................................................................................................. 2-4
Vanguard Daughtercards .............................................................................. 2-7
Chapter 3. Installation and Replacement
Checking Your Shipment Contents .............................................................. 3-2
Installing The Vanguard 342 ........................................................................ 3-3
Selecting and Preparing the Installation Site ........................................... 3-4
Installing Your Vanguard 342 ................................................................... 3-6
Thermal Considerations ........................................................................... 3-7
Configuring the Serial Interface ................................................................... 3-8
Setting the Interface Type ........................................................................ 3-9
Setting the Interface Options .................................................................... 3-10
Cabling the Vanguard 342 ............................................................................ 3-12
v
Contents (continued)
Chapter 3. Installation and Replacement
Port Characteristics and Cabling .............................................................. 3-13
Control Terminal Port (CTP) ................................................................ 3-16
10/100BaseT Adapter Cable................................................................. 3-17
DB25 V.24 Pinouts ............................................................................... 3-18
DB25 V.35/V.36 Pinouts....................................................................... 3-19
DB25 X.21/V.11 Pinouts....................................................................... 3-20
Modifying Your Vanguard 342 ..................................................................... 3-22
Installing Vanguard Daughtercards .......................................................... 3-23
Accessing the Motherboard ...................................................................... 3-24
Adding and Removing Memory Modules ................................................ 3-27
Installing/Removing the Lithium Battery ................................................ 3-32
Chapter 4. Powering Up and Loading Software
Powering Up Your Vanguard 342 ................................................................. 4-2
Powering Off The Vanguard 342 .................................................................. 4-3
Powerup Diagnostics .................................................................................... 4-5
Accessing the Control Terminal Port ............................................................ 4-7
Alternative Methods for Accessing the CTP........................................ 4-8
Obtaining and Installing Operating Software ............................................... 4-9
Appendix A. Specifications
Appendix B. Software License and Regulatory Information
FCC Part 68 and Telephone Company Procedures and
Requirements for DSU, T1, and ISDN Interfaces .................................... B-2
Product Declarations and Regulatory Information ....................................... B-4
Limited Warranty
Return Procedures
Index
vi
About This Manual
Overview
Introduction This installation describes features, hardware, specifications, and applications for the
Vanguard 342.
Note
For information on operating system software and configuration, see the
Vanguard Basic Configuration Manual (Part Number T0113).
Audience This manual is intended for people who install and operate the Vanguard 342.
How to Use This
Manual
The following table describes the contents of this manual:
This Chapter Description
Chapter 1 Vanguard 342 hardware and software features.
Chapter 2 Description of the Vanguard 342 hardware features and
components.
Chapter 3 Installing and replacing Vanguard 342 hardware
including daughtercards and motherboard.
Chapter 4 Powerup procedures and software installation.
Appendix A Product specifications.
Appendix B FCC and Telephone Company procedures and
requirements.
vii
About This Manual (continued)
Related Documentation
Introduction This section describes related documentation and where to obtain documentation.
Other
Documentation
All documentation is provided on the Vanguide CD-ROM and the VanguardMS web
site. http://www.vanguardms.com/documentation
Documentation Kit Includes:
Vanguard Applications
Ware Documentation Set
IP and LAN Feature
Documentation Set
SNA Feature
Documentation Set
• Vanguard Applications Ware Basic Protocols
(Part Number T0106)
• IP and LAN Feature Protocols
(Part Number T0100)
• SNA Feature Protocols
(Part Number T0101)
• Serial Feature Protocols
(Part Number T0102)
• Multi-Service Feature Protocols
(Part Number T0103)
• Multimedia Feature Protocols
(Part Number T0104)
• Alarms and Reports Manual
(Part Number T0005)
• Software Installation and Coldloading Manual
(Part Number T0028)
• IP and LAN Feature Protocols
(Part Number T0100)
• SNA Feature Protocols
(Part Number T0101)
viii
Serial Feature
Documentation Set
Multi-Service Feature
Documentation Set
Multimedia Feature
Documentation Set
Vanguard Applications
Ware Basic Protocols
Documentation Set
• Serial Feature Protocols
(Part Number T0102)
• Multi-Service Feature Protocols
(Part Number T0103)
• Multimedia Feature Protocols
(Part Number T0104)
• Vanguard Basic Protocols
(Part Number T0106)
About This Manual (continued)
Vanguide CD-ROM The Vanguide CD-ROM contains all Vanguard documentation available at the time
of release. The Vanguide CD-ROM is shipped with each Vanguard product. To order
an additional copy of the Vanguide CD-ROM, please contact a VanguardMS
Representative.
VanguardMS Web
Site
Check the VanguardMS web site for the latest documentation:
http://www.vanguardms.com/documentation/
ix
Special Notices and Translations
Special Notices The following notices emphasize certain information in the guide. Each serves a
special purpose and is displayed in the format shown:
Nota
Note is used to emphasize any significant information.
Advertencia
Caution provides you with information that, if not followed, can result in damage to
software, hardware, or data.
Warning
Warning is the most serious notice, indicating that you can be physically hurt.
Simplified Chinese
Danish
Særlige
overskrifter
Følgende overskrifter fremhæver nogle af oplysningerne i vejledningen. De tjener
hvert et specifikt formål og vises i følgende format:
Bemærk
Bem¾rk anvendes til at fremh¾ve vigtig information.
Forsigtig
Forsigtig understreger oplysninger, som, hvis de ikke bliver fulgt, kan føre til
beskadigelse af software, hardware eller data.
Advarsel
Advarsel er den mest alvorlige overskrift, og tilkendegiver mulig personskade.
xi
Dutch
Bijzondere
vermeldingen
De volgende vermeldingen besteden extra aandacht aan bepaalde informatie in
de handleiding. Elke vermelding heeft een eigen nut en wordt in de volgende
opmaak weergegeven:
Opmerking
Een opmerking wordt gebruikt om belangrijke informatie te benadrukken.
Let op
Dit kopje geeft aan dat u de beschreven instructies moet volgen om schade aan
de software, hardware of gegevens te vermijden.
Waarschuwing
Een waarschuwing is de belangrijkste vermelding. Indien u deze niet volgt, kan
dit tot lichamelijke verwondingen leiden.
Finnish
Erityisilmoitukset Seuraavat ilmoitukset korostavat tiettyjä oppaan tietoja. Kullakin on oma
erikoistarkoituksensa ja ne esitetään seuraavassa muodossa:
Huomaa
Huomautusta käytetään korostamaan tärkeätä tietoa.
French
Messages
spéciaux
Vaara
Vaarailmoitus antaa tietoa, jonka huomiotta jättäminen voi johtaa ohjelmiston,
laitteiston tai tietojen vahingoittumiseen.
Varoitus
Varoitus on kaikkein vakavin ilmoitus ja se kertoo mahdollisesta
loukkaantumisriskistä.
Les messages suivants mettent en valeur certaines informations dans le guide.
Chacun d’eux remplit une fonction spéciale et est affiché dans le format indiqué :
Important
Important est utilisé pour souligner des informations critiques au sujet d’une
procédure.
Mise en Garde
Une mise en garde vous fournit des informations qui, si elles ne sont pas observées,
peuvent se traduire par des dommages pour le logiciel, le matériel ou les données.
xii
German
Avertissement
Un avertissement constitue le message le plus sérieux, indiquant que vous pouvez
subir des blessures corporelles.
Besondere
Hinweise
Durch die folgenden Hinweise werden bestimmte Informationen in diesem
Handbuch hervorgehoben. Jeder Hinweis dient einem bestimmten Zweck und
wird im dargestellten Format angezeigt:
Wichtig
WICHTIG wird zur Betonung signifikanter Angaben zu Vorgehensweisen
verwendet.
Vors icht
Ein Vorsichtshinweis macht Sie darauf aufmerksam, daß Nichtbefolgung zu
Software-, Hardware- oder Datenschäden führen kann.
Warnung
Eine Warnung weist Sie darauf hin, daß ernsthafte Körperverletzungsgefahr besteht.
Italian
Simboli speciali I seguenti simboli, ciascuno con una speciale funzione, evidenziano determinate
informazioni all’interno del manuale. Il formato è quello riportato qui di seguito.
Nota
Questo tipo di avvertimento viene utilizzato per evidenziare tutte le informazioni
significative relative ad una procedura.
Attenzione
Questo tipo di avvertimento fornisce informazioni che, se non vengono seguite,
possono provocare danni al software, all’hardware o ai dati.
Avvertenza
Questo tipo di avvertimento indica la presenza di condizioni di rischio che
possono causare lesioni fisiche. Si tratta del simbolo più importante al quale
prestare attenzione.
xiii
Japanese
Korean
Norwegian
Spesielle
merknader
xiv
Merknadstypene nedenfor representerer en bestemt type informasjon i håndboken.
Hver merknadstype har en spesiell hensikt og vises på følgende format:
Merk
Merk brukes for å fremheve viktig informasjon.
Forsiktig
Forsiktig gir deg informasjon om situasjoner som kan føre til skade på programvare,
datamaskin eller data dersom den blir fulgt.
Advarsel
Advarsel er den mest alvorlige merknaden og indikerer at du kan bli fysisk skadet.
Portuguese/
Portugal
Avisos Especiais Os avisos que se seguem realçam certas informações neste guia. Cada um deles serve
um objectivo especial e é visualizado no formato apresentado:
Nota
Nota é utilizado para realçar qualquer informação importante.
Atenção
Atenção faculta-lhe informações que, se não forem cumpridas, poderão provocar
danos no software, hardware ou nos dados.
Cuidado
Cuidado constitui o aviso mais grave, o qual indica que poderá ficar
fisicamente ferido.
Spanish/Spain
Notificaciones
especiales
Swedish
Speciella
beteckningar
Las siguientes notificaciones ponen énfasis sobre determinada información de la
guía. Todas tienen un propósito especial y se muestran con el formato siguiente:
Nota
Las notas se utilizan para destacar determinada información de importancia.
Advertencia
Las advertencias le proporcionan información que debe seguirse, si no desea que el
software, el hardware o los datos puedan verse dañados.
Aviso
Los avisos son las notificaciones de carácter más importante e indican la posibilidad
de daños físicos para el usuario.
Följande beteckningar betonar viss information i handboken. Var och en har ett
speciellt syfte och visas i formatet nedan:
OBS!
OBS! används för att betona viktig information.
Viktigt
Viktigt ger dig information som, om den inte följs, kan resultera i skada i
programvara, maskinvara eller data.
xv
Varning
Varning är den mest allvarliga beteckningen och den indikerar att du kan
skadas fysiskt.
xvi
Customer Information
Customer
Questions
Comments About
This Manual
Customers who have questions about Vanguard Managed Solutions products or
services should contact your VanguardMS representative or visit this website for
product, sales, support, documentation, or training information:
http://www.vanguardms.com/
To help us improve our product documentation, please complete the comment card
included with this manual and return it by fax to (508) 339-9592. If you prefer,
provide your name, company, and telephone number, and someone in the
documentation group will contact you to discuss your comments.
Customer Information xvii
Customer Response Card
Vanguard Managed Solutions would like your help in improving its product documentation. Please
complete and return this card by fax to (508) 339-9592; Attention: Product Documentation, to provide
your feedback.
To discuss comments with a member of the documentation group, provide telephone information at the
bottom of this page. Thank you for your help.
Name _________________________________________________________________________
Company Name _________________________________________________________________
Address _______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
Document Title: Vanguard 342 Installation Manual
Part Number: T0257 Revision D
Please rate this document for usability:
Excellent Good Average Below Average Poor
What did you like about the document? ______________________________________________
Cut Here
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
What information, if any, is missing from the document? _________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
Please identify any sections/concepts that are unclear or explained inadequately.
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
Additional comments/suggestions. __________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
Telephone ________________________ Ext. _________________ Best time to call __________
Overview
Chapter 1
About the Vanguard 342
Introduction This chapter describes the hardware and software functions, and the target
applications for the Vanguard
These topics are discussed:
• Vanguard 342 Description
• Features and Functionality
• Target Applications
®
342 device.
About the Vanguard 342 1-1
Vanguard 342 Description
Vanguard 342 Description
Introduction This section describes the Vanguard 342 device.
Description The Vanguard 342 is a member of the 340 family. The Vanguard 342 expands the
capabilities of the 340 by providing enhanced performance, increased memory and
support for new applications and services to meet the growing demands of the small
branch office. It’s high performance architecture and features enable new WAN
services such as G.SHDSL, broadband DSL and Cable access, as well as
multiservice voice, data, video integration, and VPN. The 342 comes standard with
two 10/100BaseT auto-sensing Ethernet ports - one of which can be used as a WAN
port for direct connectivity to a DSL or Cable modem, or for LAN segmentation to
separate public from private data.
The Vanguard 342 offers cost-effective integrated solutions that simultaneously
support:
• Data
•Fax
• Voice over Frame Relay and Voice over IP
• Virtual Private Network (VPN)
• Broadband access
• Two 10/100BT LAN Ports
Note
The second LAN port is port 8.
The Vanguard 342 is SNMP-manageable and comes with a variety of LAN, SNA,
and IP networking features. The Vanguard 342 supports two Vanguard Daughtercard
slots for voice, fax and mixed protocol data traffic such as, IP, Frame Relay, X.25,
ISDN, or NX64 T1/E1 services. The Vanguard 342 also comes with two
10/100BT LAN Ports.
For descriptions of the Vanguard 342 Daughtercard and other hardware components,
refer to the appropriate sections in Chapter 2, Hardware Description.
Limitations Ethernet SLAC stations are not supported on the 2nd LAN port of
Vanguard
Note
FLASH SIMMs for the Vanguard 340 and 6400 Series are not compatible with the
Vanguard 342. Vanguard 342 SIMMs are not compatible with the Vanguard 340 and
6400 Series. The SIMMs could be damaged.
The Vanguard 342 requires 6.2 or greater software.
®
342 .
CMEM configurations from Vanguard 342 should not be loaded on a Vanguard
340. If the 342 CMEM has Port 5 with a Bridge Link Number or Router
Interface Number parameters with a value different from 1, then the Port 5
record needs to be deleted and then created again.
1-2 About the Vanguard 342
Features and Functionality
Features and Functionality
Introduction This section describes the features available with your Vanguard 342 device. For
descriptions of the software running on your Vanguard 342, refer to the appropriate
protocol document. These documents can be found on the VanguardMS Web site:
http://www.vanguardms/documentation/
Standard Features The standard Vanguard 342 provides these features:
• Low Profile enclosure with rear accessible motherboard, and support for two
Vanguard Daughtercards
• Motorola MPC860P PowerPC processor
• 8 Megabytes of Non-Volatile FLASH on board
• 8 Megabytes FLASH SIMM (optional)
• 32 Megabytes of SDRAM DIMM
• Standard rear panel ports include:
- Two daughtercard ports
- One serial interface DB25 port supporting V.24, V.35, V.36, V.11/X.21
interfaces
- One Async (RJ-45 connector) Control Terminal Port (CTP) for local and
remote configuration, and management
- Two 10/100BaseT Ethernet port with auto-sensing
• Data Encryption & compression SIMM slot (optional)
• ECC DIMM slot
• External power supply
10/100BaseT
Ethernet Cable
Control Terminal
Port (CTP)
Dual Daughtercard
Slots
About the Vanguard 342 1-3
Ports 5 and 8 are 10/100BaseT Ethernet and conform to the Fast Ethernet
specification (IEE 802.3u) known as 100BaseT. This LAN standard has raised the
Ethernet speed limit from 10 Megabits to 100 Megabits per second. This Ethernet
port has an auto-sensing feature that allows it to determine if the connection is
10BaseT or 100BaseT and adjust its speed as required.
Port 4 can be used as a Control Terminal Port (CTP) for configuration, reporting, and
troubleshooting the Vanguard 342.
To access the CTP you must also configure your terminal or terminal emulation
software, to VT100, 9600 bps, 8 bit, no parity, 1 stop bit.
The Vanguard 342 comes with two slots to support optional daughtercards. This
permits easy future expansion of the product.
Features and Functionality
Daughtercard
Functionality
The Vanguard 342 is available with the optional components listed below as
factory-installed or as separate add-in daughtercards:
• FXS/FXO Voice
•4-Port FXS
•4-Port FXO
• Voice FXS
• FT1/FE1
•Dual E&M
• ISDN BRI-U Data
• ISDN & enhanced ISDN BRI-S/T Data
• ISDN BRI Voice
•DSU
•DIMM
• ECC DIMM
•V.90
• G.SHDSL
For additional information about these cards, refer to the “Vanguard Daughtercards”
section in Chapter 2.
For detailed information about installing the Vanguard Daughtercards, refer to the
“Modifying Your Vanguard 342” section in Chapter 3.
The RemoteVU and V.34 daughtercards are obsolete.
Operating Software The Vanguard Applications Ware software is compressed in FLASH memory and
loaded into the SDRAM DIMM for operation. The Vanguard 342 supports these
Applications Ware packages:
+
•IP
Applications Ware Package (includes IP, and IPX)
•SNA
+
Applications Ware Package (includes IP, and SNA)
• Multi-Service Applications Ware Package
For more information on the license upgrades available for the Vanguard 342, refer
to the Software Release Notice.
Software Support The Vanguard 342 supports all the licenses in the Vanguard Applications Ware
software suite.
For a detailed list of the software supported by the Vanguard 342:
• Contact your VanguardMS representative
• Visit the VanguardMS web site:
http://www.vanguardms.com/
1-4 About the Vanguard 342
Target Applications
Target Applications
Introduction This section describes the various target applications for the Vanguard 342.
These examples are shown:
• Virtual Private Network
• IP and Serial Protocols over Frame Relay
• Video and Serial Protocols over Public or Private Networks
• Branch Office to Central Office over Public or Private Networks
• SOHO and Branch Office to Central Office over ISDN
• DSL and Cable Modem
• G.SHDSL
• LAN Segmentation
• Virtual LAN (VLAN)
About the Vanguard 342 1-5
Target Applications
Virtual Private Network
Introduction This section provides a general description of features and applications within the
Vanguard Virtual Private Network (VPN).
These topics are discussed:
• Cost-effective VPN Solutions
• Hardware-based Encryption and Compression
• Standard-based Tunneling and Encryption for IP Traffic
• Multi-protocol Tunneling and Encryption
• Frame Relay and X.25 Encryption
For detailed information about a VPN, refer to your Virtual Private Network Manual
(Part Number T0103-10).
What is a VPN? A Virtual Private Network (VPN) is a network that has the appearance and many of
the advantages of a dedicated link but occurs over a shared network. Using a
technique called “tunneling,” packets are transmitted across a public routed network,
such as the Internet or other commercially available network, in a private “tunnel”
that simulates a point-to-point connection.
Advantages of a
VPN
Requirements of a
VPN
This approach enables network traffic from many sources to travel through separate
tunnels across the same infrastructure. A VPN allows network protocols to traverse
incompatible infrastructures. A VPN also enables traffic from many sources to be
differentiated, so that it can be directed to specific destinations and receive specific
levels of service.
A VPN provides following advantages:
• Cost Effectiveness
- Infrastructure Cost - By using a VPN, a company need not invest money
on connectivity equipment like leased lines, WAN switches etcetera. The
connectivity is provided by the service provider.
- Operational Cost - Costs involved with maintaining leased lines or a
private WAN along with the money spent on people to maintain them can
be avoided.
• Manageability
- A VPN is more easily managed when compared to a fully private network.
Below are some of the requirements of a VPN:
• Connectivity
- There needs to be network connectivity among the various corporate sites.
This connectivity is typically used through the Internet.
•Security
- Data exchanged between the various corporate sites is confidential. When
data is sent over a public network it is usually encrypted. The encryption
algorithm must be robust enough to withstand any type of snooping.
1-6 About the Vanguard 342
• Address Management
- The Addresses of the clients on each of the private sites should not be the
ones used in the public domain, however, packets sent out onto the public
network must have public source/destination addresses.
• Multiprotocol Support
- The solution must be able to handle common protocols used in the
corporate network.
Cost-effective VPN Solutions
Target Applications
Small to Medium
Enterprise (SME)
Hardware-based Encryption and Compression
Data Encryption
and Compression
The Vanguard VPN solution is ideal for SMEs that are looking to take advantage of
the flexibility, global reach, security, and cost savings of Internet-based VPNs. The
current Vanguard installed-base can be easily upgraded to support VPN site-to-site
applications at a very competitive price point.
Data encryption is a very CPU intensive process and is therefore best implemented
in hardware. The VanguardMS solution provides a secure hardware-based
encryption and compression. Figure 1-1 shows an example of a secure hardwarebased VPN solution for a site-to-site application.
Hardware Options
The three hardware options available are the DES (56-bit), Triple-DES (112-bit)
Encryption and Compression SIMMs and the ECC DIMM which supports DES,
Triple-DES (168-bit) AES.
Central Site
Remote Site
Internet or
IP Network
Remote Site
Figure 1-1. Hardware-based VPN Solution for Site-to-Site Applications.
About the Vanguard 342 1-7
Target Applications
Standard-based Tunneling and Encryption for IP Traffic
IPSec IPSec is the predominant tunneling and security standard for IP Networks. It defines
protocols required for site-to-site as well as remote access VPN implementations at
layer 3 of the OSI model. Vanguard Applications Ware release 5.5 and greater
supports these IPSec features:
• Authentication Header (AH) and Encapsulating Security Payload (ESP) for
user authentication and encryption.
• Internet Key Exchange (IKE) using preshared keys for key management.
• Message Digest (MD5) and Secure Hashing Algorithm-1 (SHA-1) for data
integrity.
• ISAKMP supports DES, Triple-DES and AES
• ESP support DES, Triple-DES and AES
Note
ISAKMP and ESP support is available with the ECC DIMM.
Multi-protocol Tunneling and Encryption
General Router
Encryption (GRE)
Whereas IPSec can only tunnel IP traffic over IP Networks, GRE tunneling is a
Layer 2 protocol that can tunnel multi-protocol traffic over IP Networks. This
enables the Vanguard to tunnel and encrypt IP, IPX, and other bridge data.
DES and Triple-DES (112-bit) are used as encryption algorithms and the fast and
efficient SAM proprietary key exchange protocol is used for key management.
Integrity Check Character (ICC) establishes data integrity when the SAM protocol is
implemented.
1-8 About the Vanguard 342
Frame Relay and X.25 Encryption
Target Applications
Frame Relay and
X.25 Networks
Protected
Subnet
Another value-added feature in Vanguard Managed Solutions VPN implementation
is the ability to encrypt LAN traffic and serial legacy protocols (SNA, SDLC, SLAC,
and TBOP) and transport them over Frame Relay and X.25 networks. This is
particularly useful in the financial industry where SNA traffic going out into the
branches and ATM machines require a high level of security. This implementation
also uses DES, Triple-DES (112-bit) for encryption and VanguardMS Proprietary
SAM key exchange protocol to negotiate the keys.
Vanguard 342
with VPN
Frame
Relay
Internet
Vanguard 342
with VPN
Protected
Subnet
Figure 1-2. Encryption over IP, Frame Relay, and X.25 Networks
Security Features
The security features in Vanguard Applications Ware release 5.5 and greater also
include Firewall functionality based on IP Packet Filtering. Access Control Lists can
be configured based on a combination of source and destination addresses. IP
Protocol, TCP/UDP source and destination port numbers/ranges, and interface
numbers. A feature called Cypher Block Chaining prevents repeated patterns in
Plaintext from appearing as repeated patterns in Cyphertext, thus making it harder
for hackers to find traffic patterns.
About the Vanguard 342 1-9
Target Applications
IP and Serial Protocols over Frame Relay
Introduction The Vanguard 342 supports multi protocol encapsulation of IP traffic and serial
protocols over frame relay as specified by RFC 1490. As shown in Figure 1-3, a
SNA cluster controller connects to a serial port on the Vanguard 342 and the Ethernet
LAN connects to the 10/100BaseT Ethernet port. The Vanguard is fully interoperable
with third party routers via RFC 1490.
Terminals
Ethernet
Third Party
Router
Vanguard 342
Frame
Relay
Cluster Controller
Third Party
Router
Figure 1-3. IP and Serial Protocols over Frame Relay
Ethernet
Host
FEP
1-10 About the Vanguard 342
Loading...