Encore Networks
BANDIT™

Secure IP+Legacy Broadband Router

The Encore Networks BANDIT™ is a uniquely versatile IP+Legacy Virtual Private Network (VPN) gateway that provides router/FRAD, firewall and IPSec VPN functionality, dial backup, and legacy protocol support, all in one small unit. Flexible architecture combined with the proven ELIOS™ operating system make the BANDIT™ the perfect solution for enterprise customers, carriers, and vertical markets. Enterprise customers are attracted to the robust feature set and the strong price/performance/functionality ratio. Carriers benefit when migrating Frame Relay networks to support other value-added services, such as broadband and IP-based VPN. Vertical markets, such as travel, utilities, lottery, and banking, can quickly and easily migrate from legacy systems to standards-based IP networks. Positioned between the IP core network and the Local Area Network (LAN) or remote legacy terminals, the BANDIT™ provides the conduit for communication between the regional/branch offices and corporate headquarters over IP-based VPNs.

  • Proven, feature-rich ELIOS™ operating system
  • Remote office/branch office solution
  • Broadband access (WAN/LAN) ▶ Automatic dial backup
  • Protection of corporate Intranet assets via comprehensive firewall capabilities
  • Guaranteed delivery of mission-critical data via Quality of Service (QoS) features
  • Easy migration from today’s networks to secure IP VPNs
  • Inexpensive to set up and maintain — low cost hardware, no software licensing
  • Highly reliable for connectivity of legacy protocols
  • Worry-free protection of data and management functions with IPSec encryption
 

COST-EFFECTIVE SOLUTION
The BANDIT™ is an extremely affordable solution for applications that require multi-service functionality. Using a single device to consolidate networking tasks reduces hardware and simplifies network operations. Networks currently using multiple devices to handle IP routing, VPN, firewall, and legacy protocol support will see improved performance and significant savings. The strong price/ performance/functionality ratio, no software licensing fees, and obsolescence-proof design make the BANDIT™ an attractive and economical choice for both enterprise and carrier customers.

INVESTMENT PROTECTION
Many network planners today are faced with the necessity of large-scale equipment upgrades to make networks compatible with next-generation IP services. The BANDIT™ is the core of Encore’s Cap and Grow strategy for migrating legacy protocols to a standard IP-based infrastructure. Connecting legacy equipment to next-generation networks and services is quick, inexpensive, and immediate. Network migration can occur seamlessly without impacting revenue.

EASY INSTALLATION AND MANAGEMENT
Plug-and-play features simplify installation and enable management from a central location. Remote dial-up users can begin using the VPN in no time. The unit arrives at the remote location, the network port and power are quickly connected, and the BANDIT™ is ready to GO!

  

IPSEC VPN TUNNELING AND SECURITY
The BANDIT™ is a versatile IP+Legacy VPN gateway, providing up to 30 simultaneous tunnel connections. The use of hardware- assisted technology allows the BANDIT™ to perform encryption and IP routing without impacting overall performance and throughput. Internal IP addresses can be shielded from public view through a combination of Network Address Translation (NAT) and Private Address Translation (PrAT).

VERSATILITY
The small, standalone design of the BANDIT™ unit, its powerful ELIOS™ operating system, and its use of standardsbased IPSec make it easy to integrate with other networking equipment and allow it to interoperate with off-the-shelf IPSec software clients. Two 10/100 Base-T auto-sensing Ethernet ports handle LAN and WAN subscriber interfaces to the device via standard RJ45 connections. An RS-232, V.35, X.21, or RS-449 serial port is optional for applications that support legacy protocol conversion and spoofing such as SDLC, X.25, ALC, X.42, and polled async. An optional expansion module provides a 56/64 kbps DSU port; a single or dual T1/E1 channelized CSU/DSU port; or a DMZ Ethernet port for expanded LAN/WAN capability. A dedicated supervisory console port is standard, as is an internal V.90 modem for dial-up
 

Features and Benefits

Multi-Service Platform
Single multi-function unit running on the ELIOS™ operating system replaces the need for multiple single-function units — router/FRAD; IPSec VPN gateway; firewall; legacy data protocol support; and dial backup capability

Flexible Connectivity
Meets customer requirements today and tomorrow. Standard: Two Ethernet 10/100 Base-T auto-sensing connections for LAN or WAN using standard RJ45 ports; internal V.90 modem for dial backup or remote management Optional: Serial port for legacy applications; expansion slot for CSU/DSU with ASAP (any service, any port) capability

IP Security and VPN
Interoperates with off-the-shelf IPSec VPN clients; provides tunnel passthrough, initiation, multiplexing, switching, and termination; DES and 3DES encryption; ESP and AH encapsulation; HMAC MD5 and HMAC SHA-1 authentication; IKE, ISAKMP and PKI(X.509) key exchange

Corporate Network Security
Dynamic firewall functionality protects corporate networks — stateful inspection; event logging; protection against Denial of Service (DoS) attacks; IP filtering

Legacy Protocols
Extensive legacy protocol conversion and spoofing is provided for seamless migration path to IP-based networks – SDLC, VISAII, Poll-Select, Bisync, X.25, ALC, SCADA, MATIP, CDLC, and X.42

Disaster Recovery
Secure dial backup over auto-learned routes provides continuous service availability; incoming or outgoing connections; secured using PAP/CHAP; fast switchover

Built-In Diagnostic Tools
Comprehensive built-in troubleshooting tools that reduce the time it takes to identify and resolve problems

Superior Network Management
SNMP support helps carriers integrate with their existing OSS systems; in-band and/or out-of-band access via telnet or supervisory port; built-in security via multi-level password access; guaranteed SNMP delivery ensures that critical events are preserved during network outages
 

Application Examples

Typical BANDIT Network
Typical BANDIT Network Diagram

Access CPE Router/FRAD
- Multi-branch connections


Access CPE Router/FRAD Diagram

Legacy Support
- Migration of legacy protocols to packet-based networks


Legacy Support Diagram

IPSec VPN
- Passthrough, origination, multiplexing, switching, termination
- Built-in, uni-RAS port functionality for dial-up VPN support
- User-based or port-based tunneling
IPSec VPN Diagram

Firewall Security
- Protection against Denial of Service (DoS) attacks
- Built-in stateful firewall functionality
- Additional DMZ LAN port
- IP filtering


Firewall Security Diagram

Dial Backup
- Disaster recovery
- Remote management


Dial Backup Diagram
 

Architecture
ELIOS™ operating system; high performance RISC-based processor; VPN hardware assist; IP QoS enforcement, CIR enforcement

Port Interfaces
Standard: Two Ethernet 10/100 Base-T auto-sensing RJ45 connectors for LAN and WAN; standard internal V.90 modem
Optional: Serial port: RS-232, V.35, X.21, RS-449 for legacy protocol conversion and spoofing such as SDLC, X.25, ALC, MATIP, async, polled async, CDLC, and X.42
Optional: expansion slot for choice of 56/64 kbps DSU port, single or Dual T1/E1 channelized CSU/DSU portwith drop and insert capability, serial port, or DMZ Ethernet port

Network Protocol Support
Frame Relay; PPP; Multi-link PPP; PPPoE; X.25; IP; Ethernet

IP Routing
Static routing, standard RIP v1/v2; IP fragmentation/reassembly; routing over VPN tunnels; DHCP client/server/BootP; IP QoS, priority queueing, dynamic bandwidth allocation, Diffserv marking and classification. 802.1q VLAN tagging, VRRP (RFC 3768)

IP VPNs
Support of up to 30 simultaneous tunnels; User and port based tunnels; tunnel initiation, pass-through, multiplexing and termination; standard IPsec encryption (RFC2401); GRE (RFC 1701); Selective Layer Encryption for VPN over satellites (SLE); DES (56bit) and 3DES (168 bit) encryption; ESP (RFC2406) and AH (RFC 2402) encapsulation; HMAC MD5 (RFC2403) and HMAC SHA-1 (RFC 2404) authentication; IKE(RFC 2409), ISAKMP(RFC2408) and PKI (X.509) key exchange; CEP & Digital Certificates and DH groups; compatible with other IPsec VPN clients; SLE to IPsec tunnel switching.

Stateful Firewall
Built-in stateful firewall functionality; IP filtering; protection against Denial of Service (DoS) attacks, additional DMZ LAN port; NAT and PrAT (Private Address Translation).

Dial Backup
PAP/CHAP authentication; PPP; fast switchover; auto-learning of IP routes; incoming or outgoing connections

Network Management
Supervisory port (out-of-band); SNMP (MIB-II with extensions); telnet (in-band); multi-level password protection; and FTP for software upgrades and configuration updates

Physical Specifications
Height: 1.7 in. (4.32 cm);
Width: 8.36 in. (21.34 cm);
Ddepth: 9.0 in. (22.86 cm);
Weight: 1.5 lb. (0.68 kg)
Power(ext): 100 to 240 VAC, 50-60 Hz
Temperature: 32° to 104° F (0° to 40° C)
Humidity: 10% to 85% non-condensing
Altitude: Up to 10,000 ft. (3,048 m)

Agency Compliance
Safety: ANSI/UL Std. No. 60950, 3rd Edition (U.S. Safety) CAN/CSA-C22.2 No. 60950 (Canadian Safety) EN 60950, European Safety (CE Mark)
Emissions: FCC Part 15, Sub-Part B, Class A (U.S.) EN 55022: 1998 (Europe)
Immunity: EN 55024: 1998 (Europe)
 
BANDIT™  (Front and Back)

BANDIT
Specifications subject to change without notice

PDF
Contact Us:
Email:sales@encorenetworks.com
Web:www.encorenetworks.com
Encore Logo
   Encore Networks, Inc.   © 2009