|
The Encore Networks BANDIT™ is a uniquely
versatile IP+Legacy Virtual Private Network
(VPN) gateway that provides router/FRAD, firewall
and IPSec VPN functionality, dial backup,
and legacy protocol support, all in one small
unit. Flexible architecture combined with
the proven ELIOS™ operating system makes
the BANDIT™ the perfect solution for
enterprise customers, carriers, and vertical
markets. Enterprise customers are attracted
to the robust feature set and the strong price/performance/functionality
ratio. Carriers benefit when migrating Frame
Relay networks to support other value-added
services, such as broadband and IP-based VPN.
Vertical markets, such as travel, utilities,
and banking, can quickly and easily migrate
from legacy systems to standards-based IP
networks. Positioned between the IP core network
and the Local Area Network (LAN), the BANDIT™ provides
the conduit for communication
between the regional/branch offices and
corporate headquarters over IP-based VPNs.
Today’s enterprise
and carrier customers want to capitalize
on the economy of using the Internet public
infrastructure, while at the same time
preserving the security of data traveling
between the corporate office, regional
and branch offices, and the remote networks
users. Positioned between the IP core network
and the Local Area Network (LAN), the BANDIT-IP™ provides
the perfect solution for cost-effective,
secure managed IP VPN networks over different
flavors of existing broadband networks
like DSL, cable, satellite, and Wi-Fi. |
|
Broadband Access Network Device
for Intelligent Termination
|
|
| FLEXIBLE FUNCTIONALITY |
 |
Remote
office/branch office solution |
 |
Broadband
access (WAN/LAN) |
|
Automatic
dial backup |
|
Protection
of corporate Intranet assets via comprehensive
firewall capabilities |
|
Guaranteed
delivery of mission-critical data via Quality
of Service (QoS) features |
|
|
| KEY BENEFITS |
|
Easy
migration from today's networks to secure
IP VPNs |
|
Inexpensive
to set up and maintain — low-cost
hardware, no software licensing fees |
|
Highly
reliable for connectivity of legacy protocols |
|
Worry-free
protection of data and management functions
with IPSec encryption |
|
|
| COST EFFECTIVE SOLUTION |
The
BANDIT™ is an extremely affordable solution
for applications that require multi-service
functionality. Using a single device to consolidate
networking tasks reduces hardware and simplifies
network operations. Networks currently using
multiple devices to handle IP routing, VPN,
firewall, and legacy protocol support will
see improved performance and significant
savings. The strong price/performance/functionality
ratio, no software licensing fees, and obsolescence-proof
design make the BANDIT™ an attractive
and economical choice for both
enterprise and carrier customers. |
|
| IPSEC VPN TUNNELING AND
SECURITY |
The
BANDIT™ is a versatile VPN gateway,
providing up to 30 simultaneous tunnel connections.
The use of hardware-assisted technology allows
the BANDIT™ to perform encryption and
IP routing without impacting
overall performance and throughput. Internal
IP addresses can be shielded from public
view through a combination of Network Address
Translation (NAT) and Private Address Translation
(PrAT). |
|
| INVESTMENT PROTECTION |
Many
network planners today are faced
with the necessity of large-scale equipment
upgrades to make networks compatible with
next-generation IP services. The BANDIT™ is
the core of Encore's Cap and Grow strategy
for migrating legacy protocols to a standard
IP-based infrastructure. Connecting legacy
equipment to next-generation networks and
services is quick, inexpensive, and immediate.
Network migration can occur seamlessly without
impacting revenue. |
|
| VERSATILITY |
The
small, standalone design of
the BANDIT™ unit,
its powerful ELIOS™ operating system,
and its use of standards-based
IPSec make it easy to integrate with other
networking equipment, and allow it to interoperate
with off-the-shelf IPSec software clients. Two 10/100
Base-T auto-sensing Ethernet ports handle LAN and WAN subscriber
interfaces to the device via standard RJ45 connections. An
RS-232, V.35, X.21, or RS-449 serial port is optional for
applications that support legacy protocols, such as SDLC,
X.25, ALC, and polled async. An optional expansion module
provides a 56/64 kbps CSU/DSU port; a single or dual T1/E1
channelized DSU/CSU port; or a DMZ Ethernet port for expanded
LAN/WAN capability. A dedicated supervisory console port
is standard, as is an internal V.90 modem for dial-up applications. |
|
| EASY INSTALLATION AND
MANAGEMENT |
Plug-and-play
features simplify installation
and enable management from a central location.
Remote dial-up users can begin using the
VPN in no time. The unit arrives at the remote
location, the network port and power are
quickly connected, and the BANDIT™ is
ready to GO! |
| |
|
|
| Multi-Service Platform |
Single
multi-function unit running on the ELIOS™ operating
system replaces need for multiple single-function
units — router/FRAD; IPSec VPN gateway;
firewall; legacy data protocol support and
dial backup capability |
|
| Flexible Connectivity |
| Meets customer requirements
today and tomorrow. |
| Standard: |
Two
Ethernet 10/100 Base-T auto-sensing connections
for LAN or WAN using standard RJ45 ports;
serial universal interface; internal V.90
modem for dial backup or remote management |
| Optional: |
Expansion
slot for serial port; Ethernet port; 56/64
kbps DSU; T1/E1 CSU; dual port T1/E1 with
drop & insert capability |
| Optional: |
High
density serial card |
|
|
| IP Security and VPN |
Interoperates
with off-the-shelf IPSec VPN clients; provides
tunnel pass-through, initiation, multiplexing,
switching, and termination; DES and 3DES
encryption; ESP and AH encapsulation; HMAC
MD5 and HMAC SHA-1 authentication; IKE, ISAKMP
and PKI(X.509) key exchange. |
|
| Legacy Protocols |
Extensive legacy protocol
support is provided for seamless migration
path to IP-based networks - SDLC,
VISAII, Poll-Select, Bisync, X.25, ALC, SCADA
and MATIP. |
|
| Disaster Recovery |
Secure
dial backup over auto-learned routes provides
continuous service availability; incoming
or outgoing connections; secured using PAP/CHAP;
fast switchover |
|
| Built-in Diagnostic Tools |
| Comprehensive, built-in
troubleshooting tools that reduce the time
it takes to identify and resolve problems |
|
| Superior Network Management |
SNMP
support helps carriers integrate with their
existing OSS systems; in-band and/or out-of-band
access via telnet or supervisory port; built-in
security via multi-level password access;
guaranteed SNMP delivery ensures that critical
events are preserved during network outages |
|
| |
| Applications |
|
| Typical
BANDIT™ Network |
 |
|
|
|
| Access CPE Router/FRAD |
| Multi-branch
connections |
 |
|
|
|
| Legacy Support |
User-based
or port-based tunneling
Passthrough,
origination, multiplexing, switching, termination
Built-in,
uni-RAS port functionality for dial-up VPN
support |
 |
|
|
|
| IPSec VPN |
User-based
or port-based tunneling
Passthrough,
orgination, multiplexing, switching, termination
Built-in,
uni-RAS port functionality for dial-up VPN
support |
 |
|
|
|
| Firewall Security |
Built-in
stateful firewall functionality
IP filtering
Protection
against Denial of Service (DoS) attacks
Additional
DMZ LAN port |
 |
|
|
|
| Dial Backup |
Disaster
recovery
Remote
management |
 |
|
|
|
Technical
Specifications |
|
| Architecture |
ELIOS™ operating
system; high performance RISC-based processor;
VPN hardware assist; IP QoS enforcement,
CIR enforcement |
|
| |
|
| Port
Interfaces |
| Standard: |
2
Ethernet 10/100 Base-T auto-sensing
RJ45 connectors for LAN and WAN; standard
internal V.90 modem |
| Optional: |
Serial
port: RS-232, V.35, X.21, RS-449 for
legacy applications such as SDLC, X.25,
ALC, MATIP, async, and polled async |
| Optional: |
Expansion
slot for choice of 56/64 kbps CSU/DSU
port, single or Dual T1/E1 channelized
CSU/DSU port with drop and insert capability,
serial port, or DMZ Ethernet port |
|
|
| |
|
| Network
Protocol Support |
Frame
Relay; PPP; Multi-link PPP; PPPoE; X.25;
IP; Ethernet |
|
| |
|
| IP
Routing |
Static
routing, standard RIP v1/v2; IP fragmentation/reassembly;
routing over VPN tunnels; DHCP client/server/BootP;
IP QoS, priority queueing, dynamic bandwidth
allocation, Diffserv marking and classification. |
|
| |
|
| IP
VPNs |
Support
of up to 30 simultaneous tunnels; User
and port based tunnels; tunnel initiation,
pass-through, multiplexing and termination;
standard IPsec encryption (RFC2401); GRE
(RFC 1701); Selective Layer Encryption
for VPN over satellites (SLE™); DES
(56bit) and 3DES (168 bit) encryption;
ESP (RFC2406) and AH (RFC 2402) encapsulation;
HMAC MD5 (RFC2403) and HMAC SHA-1 (RFC
2404) authentication; IKE(RFC 2409), ISAKMP(RFC2408)
and PKI (X.509) key exchange; CEP & Digital
Certificates and DH groups; compatible
with other IPsec VPN clients. |
|
| |
|
| Stateful
Firewall |
Built-in
stateful firewall functionality; IP filtering;
protection against Denial of Service (DoS)
attacks, additional DMZ LAN port; NAT and
PrAT (Private Address Translation). |
|
| |
|
| Dial
Backup |
PAP/CHAP
authentication; PPP; fast switchover;
auto-learning of IP routes; incoming or
outgoing connections |
|
| |
|
| Network
Management |
Supervisory
port (out-of-band); SNMP (MIB-II with extensions);
telnet (in-band); multi-level password
protection; and TFTP for software upgrades
and configuration updates |
|
| |
|
| Physical
Specifications |
| Size: |
Height:
1.7 in. (4.32 cm); width: 8.36 in.
(21.34 cm); depth: 9.0 in. (22.86 cm);
weight: 1.5 lb. (0.68 kg) |
| Power
(external): |
100
to 240 VAC, 50-60 Hz (auto-ranging) |
| Temperature: |
32° to
104° F (0° to 40° C) |
| Humidity: |
10%
to 85% non-condensing |
| Altitude: |
Up
to 10,000 ft. (3,048 m) |
|
|
| |
|
| Agency
Compliance |
| Safety: |
EN60950,
European Safety (CE Mark); UL60950
with CSA International; (CSA22.2 no.
950) |
| Emissions: |
U.S.
Safety FCC Part
15, Sub-part
B, Class A |
| Immunity: |
EN55024:
1998 |
|
|
| |
|
|
Specifications subject to change |
