High Performance, Multi-Service IP VPN Solution

• T1/E1 drop & insert of voice and data traffic over a single facility
• High performance termination of up to 100 IP VPN tunnels
• Protection of corporate Intranet assets via comprehensive firewall capabilities
• Network Address Translation (NAT) and Private Address Translation (PrAT) to simplify deployment and ease management of VPN services
• Graceful migration of legacy data to IP VPNs for different vertical markets (Banking, Travel, and Lottery)
• VPN host gateway solutions for legacy and IP applications
• Rich feature set, ease of management — low cost hardware, no software licensing fees
• Worry-free protection of data and management functions with IPSec encryption

COST-EFFECTIVE SOLUTION
The BANDIT Plus™ is a compelling solution for applications that require multi-service functionality. Using a single device to consolidate networking tasks reduces hardware costs and simplifies network operations. Networks currently using multiple devices to handle voice and data traffic, IP routing, VPN, firewall, and legacy protocol support will see improved performance and significant savings. The strong price/performance/functionality ratio, no software licensing fees, and obsolescence-proof design make the BANDIT Plus™ an attractive and economical choice for corporate networks for terminating 100s of branch offices and remote locations.

INVESTMENT PROTECTION
Enterprise and carrier solution providers can provide managed IP+Legacy VPN solutions over existing broadband services, while continuing to offer value-added services to their customers. Voice and data traffic can be transmitted over existing facilities. Simplifying voice, data, and VPN billing results in reducing the overall cost for both carriers and enterprise customers.

EASY INSTALLATION AND MANAGEMENT
Plug-and-play features simplify installation and enable management from a central location. Remote dial-up users can begin using the VPN in no time. Unpack the BANDIT™, connect its power cord, LAN, WAN, and telephone. The operator at the Network Operations Center (NOC) dials into the BANDIT™ and completes installation. And GO!

IPSEC VPN TUNNELING AND SECURITY
The BANDIT Plus™ is a versatile VPN gateway, supporting 100s of simultaneous IPSec tunnel connections. The use of hardware-assisted technology allows the BANDIT Plus™ to perform IPSec encryption, stateful inspection, and IP routing without impacting overall performance and throughput. Internal IP addresses can be preserved and managed through a combination of Network Address Translation (NAT) and Private Address Translation (PrAT).

VERSATILITY
The 19-inch, 1U rackmountable design of the BANDIT Plus™ unit, its ELIOS™ operating system, and its use of IPSec standards make it easy to integrate with other networking equipment, and allow it to interoperate with off-the-shelf IPSec software clients. Two 10/100 Base-T auto-sensing Ethernet ports handle LAN and WAN subscriber interfaces to the device. An RS-232, V.35, or X.21 serial port is suitable for applications that support legacy protocol conversion and spoofing, such as SDLC, X.25, ALC, polled async, CDLC and X.42. An optional expansion module provides for the addition of a 56/64 kbps DSU port; a single T1/E1 channelized CSU port; a dual port T1/E1 CSU with drop & insert; a high density serial card, or a DMZ Ethernet port for expanded LAN/WAN capability. A dedicated supervisory console port is standard, as is an internal V.90 modem for dial backup applications and remote management.

FEATURES AND BENEFITS

Multi-Service Platform
Single multi-function unit running on the ELIOS™ operating system replaces the need for multiple single-function units — router/FRAD; IPSec VPN gateway; firewall; legacy data protocol support; TDM voice termination and transport; and dial backup capability

Integrated Voice and Data
A two-port T1/E1 card with drop & insert capability enables integration of voice, data, and VPN applications over a single facility

Flexible Connectivity
Meets customer requirements today and tomorrow. Standard: Two Ethernet 10/100 Base-T auto-sensing connections for LAN or WAN using standard RJ45 ports; serial universal interface; internal V.90 modem for dial backup or remote management Optional: Expansion slot for serial port; Ethernet port; 56/64 kbps DSU; T1/E1 CSU; dual port T1/E1 with drop & insert capability Optional: High density Remote Data Unit Module with up to 12 serial ports

IP Security and VPNs
Interoperates with off-the-shelf IPSec VPN clients; provides tunnel passthrough, initiation, multiplexing, switching, and termination; DES and 3DES encryption; ESP and AH encapsulation; HMAC MD5 and HMAC SHA-1 authentication; IKE, ISAKMP and PKI(X.509) key exchange; terminates 100s of IPSec tunnels

Corporate Network Security
Dynamic stateful firewall functionality protects corporate networks — event logging; protection against Denial of Service (DoS) attacks; IP filtering

Legacy Protocols
Extensive legacy protocol conversion and spoofing is provided for seamless migration path to IP-based networks – SDLC, VISAII, Poll-Select, Bisync, X.25, ALC, SCADA and MATIP A/B and NCP Bypass, CDLC, and X.42

Disaster Recovery
Dial backup and fail-over is supported via built-in V.90 modem, 56/64 kbps DSU, or Ethernet connection

Plug and Play Configuration
Comprehensive built-in troubleshooting and diagnostic tools reduce the time it takes toidentify and resolve problems

End-to-End IP VPN Solutions
   - Passthrough, origination, multiplexing, switching, termination
   - Built-in, uni-RAS port functionality for dial-up VPN support
   - User-based or port-based tunneling

Broadband VPN Solutions
   - Over Satellite Networks

Legacy VPN Host Gateway
   - Migration of legacy protocols to packet-based networks

Total Security (VPN & Firewall)
   - Protection against Denial of Service (DoS) attacks
   - Built-in stateful firewall functionality
   - Optional DMZ LAN port
   - IP filtering

Multi-Service VPN Solution
   - TDM voice and packet data channelized on one facility
   - Significant cost savings in reduced equipment and transports
   - Built-in VPN and firewall support
   - Built-in IP routing

Technical Specifications

Architecture
ELIOS™ operating system; high performance RISC-based processor; dedicated hardware assist encryption; IP QoS enforcement, CIR enforcement and traffic management

Port Interfaces
Standard: Two Ethernet 10/100 Base-T auto-sensing RJ45 connectors for LAN and WAN; serial port: RS-232, V.35, X.21 for legacy protocol conversion and spoofing such as SDLC, X.25, ALC, MATIP, async, polled async, CDLC, and X.42; standard internal V.90 modem;
Optional: Expansion slot for choice of additional serial port, DMZ Ethernet port, 56/64 kbps DSU port, single T1/E1 channelized CSU port, dual T1/E1 with drop & insert
Optional: High density RDU module with up to 12 serial ports for legacy protocol conversion & spoofing

Network Protocol Support
Frame Relay; PPP; Multi-link PPP; PPPoE; X.25; IP; Ethernet

IP Routing
Static routing, standard RIP v1/v2; IP fragmentation/reassembly; routing over VPN tunnels; DHCP client/server/BootP; IP QoS, priority queueing, dynamic bandwidth allocation, Diffserv marking & classification. 802.1q VLAN tagging, VRRP (RFC 3768)

IP VPNs
Support of up to 100 simultaneous tunnels; User and port based tunnels; tunnel initiation, pass-through, multiplexing and termination; standard IPsec encryption (RFC2401); GRE (RFC 1701); Selective Layer Encryption for VPN over satellites (SLE); DES (56bit) and 3DES (168 bit) encryption; ESP (RFC2406) and AH (RFC 2402) encapsulation; HMAC MD5 (RFC2403) and HMAC SHA-1 (RFC 2404) authentication; IKE(RFC 2409), ISAKMP(RFC2408) and PKI (X.509) key exchange; CEP & Digital Certificates and DH groups; compatible with other IPsec VPN clients; SLE to IPsec tunnel switching

Redundancy and High Availability
Support of VRRP (RFC 3768); VBRS (Virtual Broadband Redundancy System) for legacy host applications; device and line failure detection and recovery; auto-learning of IP routes

Stateful Firewall
Built-in stateful firewall functionality; IP filtering; protection against Denial of Service (DoS) attacks, additional DMZ LAN port; NAT and PrAT (Private Address Translation).

Network Management
Supervisory port (out-of-band); multi-level password protection; and FTP for software upgrades and configuration updates; SNMP (MIB-II with extensions); telnet (in-band)

Physical Specifications
Height: 1.75 in. (4.45 cm)
Width: 19 in. (48.26 cm)
Depth: 8.3 in. (21.08 cm)
Weight: 4 lb. (1.81 kg)
Power (ext): 100 to 240 VAC, 50-60 Hz (auto-ranging)
Temperature: 32° to 104° F (0° to 40° C)
Humidity: 10% to 85% non-condensing
Altitude: Up to 10,000 ft. (3,048 m)

Agency Compliance
Safety:
   - ANSI/UL Std. No. 60950, 3rd Edition (U.S. Safety)
   - CAN/CSA-C22.2 No. 60950 (Canadian Safety)
   - EN 60950, European Safety (CE Mark)
Emissions:
   - FCC Part 15, Sub-Part B, Class A (U.S.)
   - EN 55022: 1998 (Europe)
Immunity:
   - EN 55024: 1998 (Europe)