|
Designed for IP-based, next-generation,
multi-service broadband networks, the BANDIT-Plus™ is
the product service providers and enterprise
customers have been waiting for when it comes
to deploying more cost-effective solutions
for voice, IP+Legacy Virtual Private Network
(VPN), security, and data over a single broadband
connection. Because the BANDIT-Plus™ can
terminate hundreds of encrypted connections
over secure IPSEC tunnels. It supports a wide
range of legacy protocols, enterprise customers
and can be deployed as a VPN host gateway
for migrating legacy applications to a packet-based
VPN infrastructure.
Packed with a wide range
of feature choices, the purpose-built,
19-inch, 1U high, rackmountable BANDIT-Plus™ provides
a large capability within a small footprint.
Running on the powerful ELIOS™ operating
system, it includes multiple Ethernet ports,
a built-in V.90 modem, a universal serial
interface, and an optional expansion module
that supports a variety of physical interfaces,
such as 56/64 kbps DSU, T1/E1 CSU, Ethernet,
and a secondary serial interface. Also,
a two port T1/E1 with “drop and Insert” capability
enables connection to existing PBXs and
provides the ability to integrate voice,
data, and VPN applications on a single
network facility. A high density serial
port allows the BANDIT-Plus™ to act
as a host VPN gateway. |
|
| Broadband Access Network Device
for Intelligent Termination |
|
| Position
Your Network for the Future |
 |
T1/E1
drop & insert of voice and data traffic
over a single facility |
|
High
performance termination of 100s of IPSec
VPN tunnels |
|
Protection of
corporate Intranet assets via comprehensive
firewall capabilities |
|
Network Address
Translation (NAT) and Private Address Translation
(PrAT) to simplify deployment and ease management
of VPN services |
|
Graceful
migration of legacy data to IP VPNs |
|
VPN
host gateway solutions for legacy and IP
applications |
|
Rich
feature set, ease of management — low
cost hardware, no software licensing fees |
|
Worry-free
protection of data and management functions
with IPSec encryption |
|
|
| COST EFFECTIVE
SOLUTION |
The
BANDIT Plus™ is a compelling solution
for applications that require multi-service
functionality. Using a single device to consolidate
networking tasks reduces hardware costs and
simplifies network operations. Networks currently
using multiple devices to handle voice and
data traffic, IP routing, VPN, firewall,
and legacy protocol support will see improved
performance and significant savings. The
strong price/ performance/functionality ratio,
no software licensing fees, and obsolescence-proof
design make the BANDIT Plus™ an attractive
and economical choice for corporate networks
for terminating 100s of branch offices and
remote locations. |
|
| INVESTMENT
PROTECTION |
Enterprise
and carrier solution providers can provide
managed IP+Legacy VPN solutions over existing
broadband services, while continuing to offer
value-added services to their customers.
Voice and data traffic can be transmitted
over existing facilities. Simplifying voice,
data, and VPN billing results in reducing
the overall cost for both carriers and enterprise
customers. |
|
| EASY INSTALLATION
AND MANAGEMENT |
Plug-and-play
features simplify installation and enable
management from a central location. Remote
dial-up users can begin using the VPN in
no time. Unpack the BANDIT™, connect
its power cord, LAN, WAN, and telephone.
The operator at the Network Operations Center
(NOC) dials into the BANDIT™ and completes
installation. And GO! |
|
| IPSEC VPN
TUNNELING AND SECURITY |
The
BANDIT Plus™ is a versatile VPN gateway,
supporting 100s of simultaneous IPSec tunnel
connections. The use of hardware-assisted
technology allows the BANDIT Plus™ to
perform IPSec encryption, stateful inspection,
and IP routing without impacting overall
performance and throughput. Internal IP addresses
can be preserved and managed through a combination
of Network Address Translation (NAT) and
Private Address Translation (Prat). |
|
| VERSATILITY |
The
19-inch, 1U rackmountable design of the BANDIT
Plus™ unit, its ELIOS™ operating
system, and its use of IPSec standards make
it easy to integrate with other networking
equipment, and allow it to interoperate with
off-the-shelf IPSec software clients. Two
10/100 Base-T auto-sensing Ethernet ports
handle LAN and WAN subscriber interfaces
to the device. An RS-232, V.35, or X.21 serial
port is suitable for applications that support
legacy protocols, such as SDLC, X.25, ALC,
and polled async. An optional expansion module
provides for the addition of a 56/64 kbps
DSU port; a single T1/E1 channelized CSU
port; a dual port T1/E1 CSU with drop & insert;
a high density serial card, or a DMZ Ethernet
port for expanded LAN/WAN capability. A dedicated
supervisory console port is standard, as
is an internal V.90 modem for dial backup
applications and remote management. |
| |
| Features
and Benefits |
|
| Multi-Service
Platform |
Single
multi-function unit running on the ELIOS™ operating
system replaces the need for multiple single-function
units — router/FRAD; IPSec VPN gateway;
firewall; legacy data protocol support; TDM
voice termination and transport; and dial
backup capability |
|
| Integrated
Voice and Data |
A
two-port T1/E1 card with drop & insert
capability enables integration of voice,
data, and VPN applications over a single
facility |
|
| Flexible
Connectivity |
| Meets customer
requirements today and tomorrow. |
| Standard: |
Two
Ethernet 10/100 Base-T auto-sensing connections
for LAN or WAN using standard RJ45 ports;
serial universal interface; internal V.90
modem for dial backup or remote management |
| Optional: |
Expansion
slot for serial port; Ethernet port; 56/64
kbps DSU; T1/E1 CSU; dual port T1/E1 with
drop & insert capability |
| Optional: |
High
density serial card |
|
|
| IP
Security and VPN |
Interoperates
with off-the-shelf IPSec VPN clients; provides
tunnel passthrough, initiation, multiplexing,
switching, and termination; DES and 3DES
encryption; ESP and AH encapsulation; HMAC
MD5 and HMAC SHA-1 authentication; IKE, ISAKMP
and PKI(X.509) key exchange ; terminates
100s of IPSec tunnels |
|
| Corporate
Network Security |
Dynamic
stateful firewall functionality protects
corporate networks — event logging;
protection against Denial of Service (DoS)
attacks; IP filtering. |
|
| Legacy
Protocols |
Extensive
legacy protocol support is provided for seamless
migration path to IP-based networks - DSLC,
VISAII, Poll-Select, Bisync, X.25, ALC, SCADA
and MATIP. |
|
| Disaster
Recovery |
Dial
backup and fail-over is supported via built-in
V.90 modem, 56/64 kbps DSU, or Ethernet connection |
|
| Plug
and Play Configuration |
Comprehensive
built-in troubleshooting and diagnostic tools
reduce the time it takes to identify and
resolve problems |
|
| |
| Applications |
|
| End-to
End IPSec VPN Solution |
| |
User-based
or port-based tunneling
Passthrough,
origination, multiplexing, switching, termination
Built-in,
uni-RAS port functionality for dial-up VPN support |
 |
| (Click
to enlarge diagram) |
|
| Broadband
VPN Solution |
| |
| Multi-branch
connections |
 |
| (Click
to enlarge diagram) |
|
| Legacy
VPN Host Gateway |
| |
| Migration
of legacy protocols to packet-based networks |
 |
|
|
| Total
Security (VPN & Firewall) |
| |
Built-in
stateful firewall functionality
IP
filtering
Protection
against Denial of Service (DOS) attacks
Optional
DMZ LAN port |
 |
|
|
| Multi-Service
VPN Solution |
| |
TDM
voice and packet data channelized on one facility
Significant
cost savings in reduced equipment and transports
Built-in
VPN and firewall support
Built-in
IP routing |
 |
|
|
| |
| Technical
Specifications |
|
| Architecture |
ELIOS™ operating
system; high performance RISC-based processor;
dedicated hardware assist encryption; IP
QoS enforcement, CIR enforcement and traffic
management |
| |
|
| Port
Interfaces |
| Standard: |
Two
Ethernet 10/100 Base-T auto-sensing RJ45
connectors for LAN and WAN; serial port:
RS232, V.35, X.21 for legacy applications
such as SDLC, X.25, ALC, MATIP, async,
and polled async; standard internal V.90
modem; |
| Optional: |
Expansion
slot for choice of additional serial port,
DMZ Ethernet port, 56/64 kbps DSU port,
single T1/E1 channelized CSU port, dual
T1/E1 with drop & insert |
| Optional: |
Expansion
slot for choice of 56/64 kbps CSU/DSU port,
single or dual T1/E1 channelized CSU/DSU
port, serial port, or DMZ Ethernet port |
| Optional: |
High
density serial card |
|
| |
|
| Network
Protocol Support |
Frame
Relay; PPP; Multi-link PPP; PPPoE; X.25; IP;
Ethernet |
| |
|
| IP
Routing |
Static
routing, standard RIP v1/v2; IP fragmentation/reassembly;
routing over VPN tunnels; DHCP client/server/BootP;
IP QoS, priority queueing, dynamic bandwidth
allocation, Diffserv marking and classification. |
| |
|
| IP
VPNs |
Support
of up to 100 simultaneous tunnels; User and
port based tunnels; tunnel initiation, pass-through,
multiplexing and termination; standard IPsec
encryption (RFC2401); GRE (RFC 1701); Selective
Layer Encryption for VPN over satellites (SLE™);
DES (56bit) and 3DES (168 bit) encryption;
ESP (RFC2406) and AH (RFC 2402) encapsulation;
HMAC MD5 (RFC2403) and HMAC SHA-1 (RFC 2404)
authentication; IKE(RFC 2409), ISAKMP(RFC2408)
and PKI (X.509) key exchange; CEP & Digital
Certificates and DH groups; compatible with
other IPsec VPN clients." |
| |
|
| Stateful
Firewall |
Built-in
stateful firewall functionality; IP filtering;
protection against Denial of Service (DoS)
attacks, additional DMZ LAN port; NAT and
PrAT (Private Address Translation). |
| |
|
| Dial
Backup |
PAP/CHAP
authentication; PPP; fast switchover; auto-learning
of IP routes; incoming or outgoing connections |
| |
|
| Network
Management |
Supervisory
port (out-of-band); multi-level password
protection; and FTP for software upgrades
and configuration updates; SNMP (MIB-II with
extensions); telnet (in-band) |
| |
|
| Physical
Specifications |
| Size: |
Height:
1.75 in. (4.45 cm); Width: 19 in. (48.26
cm); Depth: 8.3 in. (21.08 cm); Weight:
4 lb. (1.81 kg) |
| Power
(external): |
100
to 240 VAC, 50-60 Hz (auto-ranging) |
| Temperature: |
32° to
104° F (0° to 40° C) |
| Humidity: |
10%
to 85% non-condensing |
| Altitude: |
Up
to 10,000 ft. (3,048 m) |
|
| |
|
| Agency
Compliance |
| Safety: |
ANSI/UL
Std. No. 60950, 3rd Edition (U.S. Safety);
CAN/CSA-C22.2 No. 60950 (Canadian Safety);
EN 60950, European Safety (CE Mark) |
| Emissions: |
FCC
Part 15, Sub-Part B, Class A (US)
EN 55022: 1998 (Europe) |
| Immunity: |
EN55024:
1998 (Europe) |
|
| |
|
Front
and Rear panels of BANDIT-PLUS™ |
|
| |
|
