Teldat bintec R1202 Datasheet

The flexible VPN gateway for all cases

bintec R1202

• 5 x Gigabit Ethernet

• 19 inch housing with integrated power supply

• Web-based configuration / wizards

• IPSec - 10 tunnels, opt. up to 110, HW acceleration

• IPv6

• Stateful Inspection Firewall

• SIP Application Level Gateway

bintec R1202

The flexible VPN gateway for all cases

The bintec R1202 VPN gateway with Gigabit Ethernet and an ISDN interface has been designed for SMEs and medium-sized corporate headquarters with higher performance requirements.

The bintec R1202 is a powerful and, thanks to its comprehensive equipment, flexible VPN gateway. With its 19-inch metal housing and highly efficient internal switched-mode power supply the gateway guarantees long-term reliability in critical corporate applications. This makes the R1202 ideal for use as a VPN gateway in SMEs and company head offices. The device has five Gigabit Ethernet ports, which can be configured for LAN, WAN or DMZ, and comes with a licence for ten hardware-accelerated IPSec tunnels. Up to 100 additional IPSec tunnels can also be enabled if licensed.

The built-in ISDN BRI interface can be used as a remote configuration access and as an ISDN backup interface.

Using functions flexibly

Only a few functions are required to forward data between two networks. Bintec gateways have features that go far beyond just routing and allow it to be seamlessly integrated into complex IT infrastructures.

As routing protocols, you can use RIP, OSPF or the Multicast routing protocol PIM-SM for example, and the comprehensive multicast support makes the device ideal for use in multimedia and streaming applications.

Even the basic equipment of the bintec R1202 provides a SIP application level gateway (ALG) for the direct connection of IP telephones in the network or for registering with a VoIP provider. The

ALG automatically controls the internal firewall making it easier to configure your VoIP solution.

Thanks to the integrated quality of service, you can prioritise VoIP traffic over normal internet traffic, for example, and thereby always ensure sufficient bandwidth for your IP voice connections. Alternatively you can give normal data traffic priority over e-mail traffic. The DNS proxy function supports the LAN for address implementation and the automated IP configuration of PCs is carried out over an integrated DHCP server.

Remote CAPI is available for the joint use of various ISDN services.

Comprehensive IPSec implementation

The IPSec implementation integrated in bintec R1202 works not only with preshared keys but also with certificates. This allows a public key infrastructure to be created for maximum security.

(The German Federal Office for Information Security also recommends the use of certificates.)

Furthermore, the bintec IPSec implementation offers support when creating VPN connections with dynamic IP addresses: Even small branch offices can be reached without having to be permanently online. If both VPN nodes only have dynamic IP addresses, confidential information can continue. The exchange of IP addresses is carried out either over dynamic DNS providers or directly over an ISDN connection. The actual dynamic IP address is transferred either free of charge in the ISDN D-channel or, if this is not possible, in the B-channel (at cost).

By using IKE Config mode and the bintec IPSec multi user this offers the opportunity to create and manage IPSec dial-in solutions for multiple clients with minimal expense and IKE X-Auth

(extended authentication) allows a connection to be secured with a one time password and thus with the highest level of security.

Load Balancing/Redundancy

The bintec R1202 offers the opportunity to configure two or three interfaces as WAN interfaces.

Teldat GmbH - Suedwestpark 94 - 90449 Nuremberg - Germany

Phone: +49 - 911 9673-0 - Telefax: +49 - 911 688 07 25

E-Mail: [email protected] - www.teldat.org

bintec R1202

29.10.2013

Subject to technical alterations

Page 2 / 10

As a result, there is not only more bandwidth available, but there is the opportunity to spread data traffic across individual WAN connections according to load or data type. Equally, you can use a connection (e.g. SDSL) for the VPN connection of branch offices and external sales staff and use a second WAN port for a low-cost ADSL connection to guarantee the company's other data traffic.

Our bintec router redundancy protocol (BRRP) allows two devices to be operated so that they act as a single device in the LAN. Both devices have their own IP and MAC addresses for each interface as well as a joint virtual IP and MAC address. This is registered as the standard gateway for all computers in the LAN. Both of the switched gateways communicate over the bintec protocol and if either device fails, the other device automatically takes over the entire data traffic.

Simple configuration and maintenance

The gateway is configured over the Configuration Interface (FCI), using the integrated configuration wizards for example. The FCI is a web-based graphic user surface that you can use from any PC with an up-to-date Web browser via an HTTP or encrypted HTTPS connection. It also offers the opportunity to manage the devices locally and remotely over other configuration accesses such as Telnet, SSH and ISDN login.

In addition the R1202 offers the option of the Teldat WLAN Controller.

The Teldat WLAN Controller allows the configuration and monitoring of small and medium sized

WLANs with up to 72 access points.

Whether it is for frequency management which automatically determines the radio channels, for the support of virtual LANs or for the management of virtual radio networks (Multi SSID)—the

WLAN Controller offers easy control over all advanced features. Our software continuously monitors the entire wireless LAN and immediately reports outages and security risks.

DIME Manager from Teldat is a free tool for managing Teldat devices.

DIME Manager is aimed at administrators who manage networks with up to 50 devices. The software simplifies the management and configuration of gateways or access points either individually or in logical groups.

When developing DIME Manager, simple and efficient operation was the primary aim. It allows, for example, software updates to be applied to individual devices or groups of devices simply by drag and drop. DIME Manager recognises and manages new devices in the network using SNMP multicasts, in other words independent of their current IP address.

Variants

bintec R1202 - UK (5510000262)

bintec R1202 (5510000210)

VPN Gateway; 19 inch rack; 1x ISDN BRI; incl. 10 IPSec tunnels (opt. max. 110), certificates, HW encryption; 4+1 Gigabit Eth. switch; UK version.

VPN Gateway; 19 inch rack; 1x ISDN BRI; incl. 10 IPSec tunnels (opt. max. 110), certificates, HW encryption; 4+1 Gigabit Eth. switch; german and intern. version.

Features

ISDN

CAPI CAPI 2.0 with CAPI user concept (password for CAPI use)


Phone: +49 - 911 9673-0 - Telefax: +49 - 911 688 07 25


bintec R1202

29.10.2013


Page 3 / 10

ISDN

ISDN protocols

ISDN auto-configuration

ISDN leased lines

B channel protocols

X.31 over CAPI

Bit rate adaption

Euro-ISDN (Point-to-mulitpoint/Point-to-point)

Automatic recognition and configuration of ISDN protocols

Supported leased lines: D64S, D64S2, TS02, D64S2Y

Excellent interoperability with other manufacturers (Raw HDLC, CISCO HDLC, X.75)

Support for various connection paths: X.31/A for ISDN D-channel, X.31/A+B for ISDN B-channel,

X.25 within ISDN B-channel (also leased lines)

V.110 (1,200 up to 38,400 bps), V.120 up to 57,600 kbps (HSCSD) for connection to GSM subscribers

VPN

PPTP (PAC/PNS) Point to Point Tunneling Protocol for establishing fo Virtual Privat Networks, inclusive strong encryption methods with 128 Bit (MPPE) up to 168 Bit (DES/3DES, Blowfish)

Integrated hardware acceleration for PPP/PTPP encryption algorithms DES, 3DES, MPPE PPP / PPTP hardware acceleration

GRE v.0

L2TP

Number of VPN tunnels

IPSec

Number of VPN tunnels

IPSec Algorithms

IPSec hardware acceleration

IPSec IKE

IPSec IKE Config Mode

IPSec IKE XAUTH (Client/Server)

IPSec IKE XAUTH (Client/Server)

IPSec NAT-T

IPSec IPComp

IPSec certificates (PKI)

IPSec SCEP

IPSec Certificate Revocation

Lists (CRL)

IPSec Dead Peer Detection

(DPD)

Generic Routing Encapsulation V.0 according RFC 2784 for common encapsulation

Layer 2 tunnelling protocol inclusive PPP user authentication

Inclusive 110 active PPTP, L2TP and GRE v.0 tunnels (also in combination possible)

Internet Protocol Security establishing of VPN connections

Inclusive 10 active VPN tunnels, optional up to 110 IPSec tunnels

DES (64 Bit), 3DES (192 Bit), AES (128,192,256 Bit), CAST (128 Bit), Blowfish (128-448 Bit), Twofish

(256 Bit); MD-5, SHA-1, RipeMD160, Tiger192 Hashes

Integrated hardware acceleration for IPSec encryption algorithms DES, 3DES, AES inclusive hardware acceleration for MD-5, SHA-1 Hash generation

IPSec key exchange via preshared keys or certificates

IKE Config Mode server enables dynamic assignment of IP addresses from the address pool of the company. IKE Config Mode client enables the router, to get assigned dynamically an IP address.

Internet Key Exchange protocol Extended Authenticaion client for login to XAUTH server and

XAUTH server for loging of XAUTH clients

Inclusive the forwarding to a RADIUS-OTP (One Time Password) server (supported OTP solutions see www.teldat.de).

Support of NAT-Traversal (Nat-T) for the application at VPN lines with NAT

IPSec IPComp data compression for higher data throughput via LZS

Support of X.509 multi-level certificates compatible to Micrososft and Open SSL CA server; upload of PKCS#7/8/10/12 files via TFTP, HTTP, HTTP, LDAP, file upload and manual via FCI

Certificates management via SCEP (Simple Certificate Enrollment Protocol)

Support of remote CRLs on a server via LDAP or local CRLs

Continuous control of IPSec connection


Phone: +49 - 911 9673-0 - Telefax: +49 - 911 688 07 25


bintec R1202

29.10.2013


Page 4 / 10

VPN

IPSec dynamic IP via ISDN

IPSec dynamic DNS

IPSec RADIUS

IPSec Multi User

IPSec QoS

IPSec NAT

IPSec throughput (1400)

IPSec throughput (256)

Transmission of dynamic IP address in ISDN D or B channel; free-of-charge licence necessary

Enables the registering of dynamic IP addresses by a dynamic DNS provider for establishing a IPSec connection.

Authentication of IPSec connections at a RADIUS server. Additionally the IPSec peers, which were configured on a RADIUS server, can be loaded into the gateway (RADIUS dialout).

Enables the Dial-in of several IPSec clients via a single IPSec peer configuration entry

The possibility to operate Quality of Service (traffic shaping) inside of an IPSec tunnel

By activating of NAT on an IPSec connection it is possible, to implement several remote locations with identical local IP addess networks in different IP nets for the VPN connection

86 Mbps with 1400 Byte packets with AES 256 / AES 128 / 3 DES encryption

19 Mbps with 1400 Byte packets with AES 256 / AES 128 / 3 DES encryption

Security

NAT/PAT

Policy based NAT/PAT

Policy based NAT/PAT

Content Filtering

Stateful Inspection Firewall

Packet Filter

Symmetric Network and Port Address Translation (NAT/PAT) with randomly generated ports inclusive Multi NAT (1:1 translation of whole networks)

Network and Port Address Translation via different criteria like IP protocols, source/destination IP

Address, source/destination port

For incoming and outgoing connections and for each interface variable configurable

Optional ISS/Cobion Content filter (30 day test license inclusive)

Packet filtering depending on the direction with controling and interpretation of each single connection status

Filtering of IP packets according to different criteria like IP protocols, source/destination IP address, source/destination port, TOS/DSCP, layer 2 priority for each interface variable configurable

Routing

Policy based Routing

Multicast IGMP

Multicast IGMP Proxy

Multicast Routing Protocol PIM

SM

Multicast inside IPSec tunnel

RIP

Extended RIP

OSPF

Extended routing (Policy Based Routing) depending of diffent criteria like IP protocols (Layer4), source/destination IP address, source/destination port, TOS/DSCP, source/destination interface and destination interface status

Support of Internet Group Management Protocol (IGMP v1, v2, v3) for the simultaneous distribution of IP packets to several stations

For easy forwarding of multicast packets via dedicated interfaces

Protocol Independent Multicast (PIM) distributes information via a central Rendezvous Point Server.

PIM Modus Sparse Mode (SM) forwards only packets to groups which have been requested

Enables the transmission of multicast packets via an IPSec tunnel

Support of RIPv1 and RIPv2, separated configurable for each interface

Triggerd RIP updates according RFC 2091 and 2453, Poisened Rerverse for a better distribution of the routes; furthermore the possibility to define RIP filters for each interface.

Support of the dynamic routing protocol OSPF


Phone: +49 - 911 9673-0 - Telefax: +49 - 911 688 07 25


bintec R1202

29.10.2013


Page 5 / 10

Routing

BGP4

Routing throughput (1518)

Routing throughput (256)

On request

199 Mbps with 1518 Byte packets

198 Mbps with 256 Byte packets

Protocols / Encapsulations

PPP/MLPPP

PPPoE (Server/Client)

MLPPPoE (Server/Client)

DNS

DYN DNS

DNS Forwarding

DHCP

Packet size controling

X.25 Enhanced

Support of Point to Point Protocol (PPP) for establishing of standard PPP connections, inclusive the

Multilink extension MLPPP for the bundeling of several connections

Point-to-Point Protocol over Ethernet (Client and Server) for establisching of PPP connections via

Ethernet/DSL (RFC 2516)

Multilink extension MLPPPoE for bundeling several PPPoE connections (only if both sides support

MLPPPoE)

DNS client, DNS server, DNS relay and DNS proxy

Enables the registering of dynamic assigned IP addresses at adynamic DNS provider, e.g. for establishing of VPN connections

Enables the forwarding of DNS requests of free configurable domains to assigned DNS server.

DHCP Client, Server, Proxy and Relay for siplified TCP/IP configuration

Adaption of PMTU or automatic packet size controling via fragmentation

Optional: X.25 over ISDN, XOT, X.25 to TCP Gateway, X.25 PAD, TP0 Bridge

Quality of Service (QoS)

Policy based Traffic Shapping

Bandwidth reservation

DiffServ

Layer2/3 tagging

TCP Download Rate Control

Dynamic bandwidth management via IP traffic shaping

Dynamic reservation of bandwidth, allocation of guaranteed and maximum bandwidths

Priority Queuing of packets on the basis of the DiffServ/TOS field

Conversion of 802.1p layer 2 priorisation information to layer 3 diffserv attributes

For reservation of bandwidth for VoIP connections

Redundancy / Loadbalancing

BRRP

BoD

Load Balancing

VPN backup

Bintec Router Redundancy Protocol for backup of several passive or active devices with free selectable priority

Bandwidth on Demand: dynamic bandwidth to suit data traffic load

Static and dynamic load balancing to several WAN connections on IP layer

Simple VPN backup via different media. Additional enables the Teldat interface based VPN concept the application of routing protocols for VPN connections.


Phone: +49 - 911 9673-0 - Telefax: +49 - 911 688 07 25


bintec R1202

29.10.2013


Page 6 / 10

Layer 2 Functionality

Bridging

VLAN

Proxy ARP

Support of layer 2 bridging with the possibility of separation of network segment via the configuration of bridge groups

Support of up to 32 VLAN (Virtual LAN) for segmentation of the network in independent virtual segments (workgroups)

Enables the router to answer ARP requests for hosts, which are accessible via the router. That enables the remote clients to use an IP address from the local net.

Logging / Monitoring / Reporting

Internal system logging

External system logging

E-Mail alert

SNMP traps

Activity Monitor

IPSec monitoring

Interfaces monitoring

ISDN monitoring

IP accounting

ISDN accounting

RADIUS accounting

Keep Alive Monitoring

Tracing

Tracing

Syslog storage in RAM, display via web-based configuration user interface (http/https), filter for subsystem, level, message

Syslog, several syslog server with different syslog level configurable

Automatic E-Mail alert by definable events

SNMP traps (v1, v2, v3) configurable

Sending of information to a PC on which Brickware is installed

Display of IPSec tunnel and IPSec statistic; output via web-based configuration user interface

(http/https)

Statistic information of all pysical and logical interfaces (ETH0, ETH1, SSIDx, ...), output via web-based configuration user interface (http/https)

Display of active and past ISDN connections; output via web-based configuration user interface

(http/https)

Detailed IP accounting, source, destination, port, interface and packet/bytes counter, transmission also via syslog protocol to syslog server

Detailed ongoing recording of ISDN connection parameter like calling number and charging information, transmission also via syslog protocol to syslog server

RADIUS accounting for PPP, PPTP, PPPoE and ISDN dialup connections

Control of hosts/connections via ICMP polling

Detailed traces can be done for different protocols e.g. ISDN, PPPoE, ... generation local on the device and remote via DIME Manager

Traces can be stored in PCAP format, so that import to different open source trace tools (e.g.

wireshark) is possible.

Administration / Management

RADIUS

RADIUS dialout

TACACS+

Central check of access authorization at one or several RADIUS server, RADIUS (PPP, IPSec inclusive X-Auth and login authentication)

On a RADIUS server configured PPP und IPSec connection can be loaded into the gateway (RADIUS dialout).

Support of TACACS+ server for login authentication and for shell comando authorization


Phone: +49 - 911 9673-0 - Telefax: +49 - 911 688 07 25


bintec R1202

29.10.2013


Page 7 / 10

Administration / Management

Time synchronization

Automatic Time Settings

SNMP configuration

Configuration export and import

SSH login

HP OpenView

XAdmin

The device system time can be obtained via ISDN and from a SNTP server (up to 3 time server configurable). The obtained time can also be transmitted per SNTP to SNTP clients.

Time zone profiles are configurable. That enables an automatic change from summer to winter time.

DIME Manager, XAdmin Supported management systems

Configurable scheduler

Configuration Interface (FCI)

Software update

Remote maintenance

Configuration via serial interface

ISDN remote maintenance

ISDN remote maintenance

GSM remote maintenance

Device discovery function

On The Fly configuration

SNMP

Configuring of time and event controlled tasks, e.g. reboot device, activate/deactivate interface, activate/deactivate WLAN, trigger SW update and configuration backup

Integrated web server for web-based configuration via HTTP or HTTPS (supporting self created certificates). This user interface is by most of Teldat GmbH products identical.

Software updates are free of charge; update via local files, HTTP, TFTP or via direct access to the

Teldat web server

Remote maintenance via telnet, SSL, SSH, HTTP, HTTPS and SNMP (V1,V2,V3)

Serial configuariton interface is available

Remote maintenance via ISDN dial-in with checking of the calling number. The ISDN remote maintenance connection between two Teldat devices can be encrypted.

A transparent mode enables transmissions of configurations and software updates respectively

Remote maintenance via GSM login (external modem and cable required)

Device discovery via SNMP multicast.

No reboot after reconfiguration required

SNMP (v1, v2, v3), USM model, VACM views, SNMP traps (v1, v2, v3) configurable, SNMP IP access list configurable

Complete management with MIB-II, MIB 802.11, Enterprise MIB

Load and save configurations, optional encrypted; optional automatic control via scheduler

Supports SSH V1.5 and SSH V2.0 for secure connections of terminal applications

Integration into Network Node Manager

Support of XAdmin roll out and configuration managemant tool for larger router installations

(IP+ISDN+GSM)

Interfaces

Ethernet

Serial console

ISDN Basic Rate (BRI)

Hardware

5 x 10/100/1000 Mbps Ethernet Twisted Pair, autosensing, Auto MDI/MDI-X, up to 4 ports can be switches as additional WAN ports incl. load balancing, all Ethernet ports can be configured as LAN or WAN.

Serial console interface / COM port (mini USB): optional, connection of an analogue / GPRS modem is possible (supported modems: see www.teldat.de)

1 x BRI (TE), 2 B channels


Phone: +49 - 911 9673-0 - Telefax: +49 - 911 688 07 25


bintec R1202

29.10.2013


Page 8 / 10

Hardware

19 inch

Realtime clock

Environment

Power supply

Power consumption

Housing

Dimension

Weight

Fan

Reset button

Standards and certifications

Mountable in 19 inch rack, incl. 19 inch rack mount kit

System time persists even at power failure for some hours.

Temperature range: Operational 0°C to 40°C; storage -10°C to 70°C; Max. rel. humidity 10 - 95%

(non condensing)

Integrated wide range power supply 110-240V, with energy efficient swiching controller

Max. 15 Watt, typ. 13 Watt

19 inch 1 high unit metal case, screw-on 19 inch mounting-angle, LEDs and network connectors at front side

Ca. 485.6 mm x 220 mm x 45 mm (W x H x D)

Ca. 2600g

Fanless design therefor high MTBF

Restart or reset to factory state possible

R&TTE directive 1999/5/EG; EN 55022; EN 55024 + EN 55024/A1; EN61000-3-2; EN 61000-3-3; EN

61000-4-4; EN 60950-1; EN 300 328

Content of Delivery

Manual

DVD

Ethernet cable

Network cable

Serial cable

ISDN (BRI/S0) cable

Quick Installation Guide in German and English

DVD with system software, management software and documentation

1 Ethernet cable, 3m

Power cable

Serial cable (mini USB - DSUB 9 female)

ISDN (BRI/S0) cable, 3m

Service

Warranty

Software Update

2 year manufacturer warranty inclusive advanced replacement

Free-of-charge software updates for system software (BOSS) and management software (DIME

Manager)

Options

MPPC and Stac compression

IP address ISDN B/D channel license

Free-of-charge license for Stac and MPPC compression; registration under www.teldat.de required

Free of charge license for IP address transmission in ISDN D or B channel for IPSec connections; registering under www.teldat.de required.

Accessoires

Access Points and Bridges


Phone: +49 - 911 9673-0 - Telefax: +49 - 911 688 07 25


bintec R1202

29.10.2013


Page 9 / 10

Access Points and Bridges

WLAN-Contr.-Bundle 10xW1003n

(5510000351)

WLAN-Contr.-Bundle 10xW2003n

(5510000352)

Software Licenses

License upgrade 5 SIP channels

(5500000869)

Rxx02/RTxx02/RXL12xxx-IPSEC25

(5500000781)

Rxx02/RTxx02-X25 (5500000783)

Cobion Content Filter Small (80551)

WLAN Controller Bundle contains 10 Access Points bintec W1003n (5510000321) ,

1 bintec R1202 (5510000210) and 2 WLAN Controller license (5500000943)

WLAN Controller Bundle contains 10 Access Points bintec W2003n (5510000324) ,

1 bintec R1202 (5510000210) and 2 WLAN Controller licences (5500000943)

License to enhance the system by 5 additional SIP channels

Additional 25 IPSec tunnel license for Rxx02, RTxx02 and RXL12xxx series

License for X.25/XOT/X25toTCP for Rxx02 and RTxx02 series

Cobion content filter for RSxxx, Rxx02, RTxx02 series; R230a(w), R232b(w), TR200,

R1200(w/wu), R3000(w), R3400, R3800, R232aw; list price for one year

Pick-up Service / Warranty Extension

Service Package 'medium' (5500000812) Warranty extension of 3 years to a total of 5 years, including advanced replacement for Teldat products of the category 'medium'. Please find a detailed description as well as an overview of the categories on www.teldat.de/servicepackages.

Product Services

HotSpotHosting 1yr 1 location (5510000198)

HotSpotHosting 2yr 1 location (5500000861)

Additional HotSpot location (5510000199)

HotSpot solution hosting fee for 1 year and 1 location

HotSpot solution hosting fee for 2 year and 1 location

Additional location for the HotSpot solution (551000198, 5500000861) valid for one year

Cables

Console Cable MiniUSB to DSUB9

(5500000717)

Serial console cable for RS, RT, Rxx02 Series and hybird (Mini USB to D-SUB 9)


Phone: +49 - 911 9673-0 - Telefax: +49 - 911 688 07 25


bintec R1202

29.10.2013


Page 10 / 10

Teldat bintec R1202 Datasheet

The flexible VPN gateway for all cases

bintec R1202

• 5 x Gigabit Ethernet

• 19 inch housing with integrated power supply

• Web-based configuration / wizards

• IPSec - 10 tunnels, opt. up to 110, HW acceleration

• IPv6

• Stateful Inspection Firewall

• SIP Application Level Gateway

bintec R1202

The flexible VPN gateway for all cases

Related manuals

Teldat

5510000263

Funkwerk

22101

Teldat

5510000264

Teldat

bintec RXL12100

Teldat

5510000213

Teldat

5510000258

Teldat

5510000256

Teldat

C+ Series

Teldat

APR222ac

Teldat

5510000265

Teldat

5510000219

Teldat

5510000235